Revoke an access token

Revoking an access token consists of the authorization server invalidating the token for all purposes. If, for example, a user indicates to a client that they no longer want the client to have access to something, the client can request the associated token be revoked.

These code snippets enable the client to call a management endpoint to revoke the specified access token.

Before you begin

We recommend creating a wallet account on the test wallet. Creating an account allows you to test your client against the Open Payments APIs by using an ILP-enabled wallet funded with play money.

Revoke an access token

Prerequisites

Initial configuration

If you’re using JavaScript, only do the first step.

Add "type": "module" to package.json.

Add the following to tsconfig.json

{
  "compilerOptions": {
    "target": "ES2022",
    "module": "ES2022"
  }
}

// Import dependencies
import { createAuthenticatedClient } from '@interledger/open-payments'

// Initialize client
const client = await createAuthenticatedClient({
  walletAddressUrl: WALLET_ADDRESS,
  privateKey: PRIVATE_KEY_PATH,
  keyId: KEY_ID
})

// Revoke token
await client.token.revoke({
  url: MANAGE_URL,
  accessToken: ACCESS_TOKEN
})

For TypeScript, run tsx path/to/directory/index.ts. View full TS source

For JavaScript, run node path/to/directory/index.js. View full JS source

Prerequisites

// Import dependencies
use open_payments::client::AuthenticatedResources;
use open_payments::snippets::utils::{create_authenticated_client, get_env_var, load_env};

// Initialize client
let client = create_authenticated_client()?;

// Revoke access token
let access_token = get_env_var("ACCESS_TOKEN")?;
let token_manage_url = get_env_var("TOKEN_MANAGE_URL")?;

client
    .token()
    .revoke(&token_manage_url, Some(&access_token))
    .await?;

// Output
println!("Access token revoked successfully");

View full source

Prerequisites

// Import dependencies
use OpenPayments\AuthClient;
use OpenPayments\Config\Config;

// Initialize client
$config = new Config(
    $WALLET_ADDRESS,
    $PRIVATE_KEY,
    $KEY_ID
);
$opClient = new AuthClient($config);

// Revoke token
$tokenResponse = $opClient->token()->revoke(
    [
        'access_token' => $ACCESS_TOKEN,
        'url' => $TOKEN_MANAGE_URL
    ]
);

View full source

Prerequisites

package main

// Import dependencies
import (
  "context"
  "fmt"
  "log"

  op "github.com/interledger/open-payments-go"
)

func main() {
  // Initialize client
  client, err := op.NewAuthenticatedClient(WALLET_ADDRESS_URL, PRIVATE_KEY_BASE_64, KEY_ID)
  if err != nil {
    log.Fatalf("Error creating authenticated client: %v\n", err)
  }

  // Revoke Token
  if err := client.Token.Revoke(context.TODO(), op.TokenRevokeParams{
    URL:         MANAGE_URL,
    AccessToken: ACCESS_TOKEN,
  }); err != nil {
    log.Fatalf("Error revoking access token: %v\n", err)
  }

  fmt.Println("Access token revoked successfully")
}

Prerequisites

// Import dependencies
import org.interledger.openpayments.httpclient.OpenPaymentsHttpClient;
import org.interledger.openpayments.IOpenPaymentsClient;

// Initialize client
var client = OpenPaymentsHttpClient.defaultClient(
"WalletAddress",
"PrivateKeyPEM",
"KeyId"
);

// Retrieve the wallets
var receiverWallet = client.getWalletAddress("https://cloudninebank.example.com/merchant");

// Create grant request
var grantRequest = this.client.createGrantIncomingPayment(receiverWallet);

// Revoke grant request
// Auth server will be retrieved from [receiverWallet]
this.client.revokeToken(receiverWallet, grant.getAccess().getToken(), grantRequest);

// Output
log.info("REVOKED GRANT: {}", grantRequest);

References

API specification