wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License
274 stars 34 forks source link

How can I revoke refresh token? #67

Closed lcbiplove closed 1 year ago

lcbiplove commented 3 years ago

Not kind of issue, but I could not find any endpoint to revoke the refresh token. Also, I was wondering why revoking access tokens have no effect on refresh token. In your docs, I could see an endpoint to delete single access_token:

curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&token=<your_token>" http://localhost:8000/auth/revoke-token

For all tokens associated with the user:

curl -H "Authorization: Bearer <token>" -X POST -d "client_id=<client_id>" http://localhost:8000/auth/invalidate-sessions

And both works perfectly. I am just asking a way to revoke refresh token as well.

wagnerdelima commented 1 year ago

Sorry, just now saw this. Years later... As of now, you cannot. I will work on this in the near future. @lcbiplove are you still using this framework?

lcbiplove commented 1 year ago

No, I am not using the framework these days. Thank you for your response though.