I want to know how to revoke the access token with Golang SDK because as I can see there is no API available in the SDK.
Asked
Active
Viewed 322 times
1 Answers
0
Consider using the endpoint for clearing user sessions, documented here.
For HTTP, the endpoint is DELETE /api/v1/sessions/${sessionId}. From the Okta documentation:
Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
So, for the Go SDK (v1.1.0), this method (documented here) is what you want: call Client.User.EndAllUserSessions(userId string, qp *query.Params) with oauthTokens=true as a query param to indicate that refresh and access tokens should be revoked in addition to ending the session.
Right now, as mentioned in the question, there isn't a method to call the token revocation endpoint directly, so ending the sessions and revoking the tokens together is the only option if you must only use the provided SDK.
You should be able to call the revoke endpoint (POST ${baseUrl}/v1/revoke, documented here) directly via regular HTTP. I would recommend clearing all user sessions via the SDK, however, since that is likely to provide more desirable behaviour (the circumstances in which you want to revoke a token but still keep your user signed in are limited).
msmith
- 293
- 2
- 8
-
so there is no api in SDK. – Ankit Malik Oct 27 '21 at 06:38
-
Correct, there is no api for just revoking tokens. – msmith Oct 27 '21 at 13:26
-
Thanks @msmith But the SDK which I am using for the Golang is also having the cache if I am revoking its still validating that token. – Ankit Malik Feb 17 '22 at 08:05