Is it (now) possible to revoke Gitlab access tokens through the API?

Question

Two years ago, someone asked if it was possible to programmatically revoke access tokens through the Gitlab API. The answer then was no. I have not located recent information confirming or rejecting that this is still true.

I was hoping to use something like this with Python's http request library:

 headers = {'Authorization':  clientSecret}
 res = gitlab.post("https://gitlab.com/oauth/revoke", headers=headers, data={
            'client_id': clientID,
            'access_token': accessToken
        })
print(res.text)

However, the response has been empty with different variations.

score 0 · Accepted Answer · answered Apr 22 '21 at 17:16

0

In light of information here, it seems completely possible to revoke the access tokens. This works:

 payload = {"token": accessToken,
            "token_type_hint": "refresh_token"
        }
 auth = HTTPBasicAuth(clientID, clientSecret)
 res = requests.post("https://gitlab.com/oauth/revoke",
                    data=payload,
                    auth=auth,
                    )

answered Apr 22 '21 at 17:16

d-cubed

1,034
5
30
58

it's ok to accept your own answer :) – JohannesM Aug 17 '22 at 15:48

Is it (now) possible to revoke Gitlab access tokens through the API?

1 Answers1