Revoke an access token

Revoking an access token consists of the authorization server invalidating the token for all purposes. If, for example, a user indicates to a client that they no longer want the client to have access to something, the client can request the associated token be revoked.

These code snippets enable the client to call a management endpoint to revoke the specified access token.

Before you begin

We recommend creating a wallet account on the test wallet. Creating an account allows you to test your client against the Open Payments APIs by using an ILP-enabled wallet funded with play money.

Prerequisites

Initial configuration

If you’re using JavaScript, only do the first step.

Add "type": "module" to package.json.

Add the following to tsconfig.json

{
  "compilerOptions": {
    "target": "ES2022",
    "module": "ES2022"
  }
}

Import dependencies

import { createAuthenticatedClient } from "@interledger/open-payments";

Copied!

Initialize Open Payments client

const client = await createAuthenticatedClient({
  walletAddressUrl: WALLET_ADDRESS,
  privateKey: PRIVATE_KEY_PATH,
  keyId: KEY_ID,
});

Copied!

Revoke token

await client.token.revoke({
  url: MANAGE_URL,
  accessToken: ACCESS_TOKEN,
});

Copied!

For TypeScript, run tsx path/to/directory/index.ts. View full TS source

For JavaScript, run node path/to/directory/index.js. View full JS source

Prerequisites

Import dependencies

use OpenPayments\AuthClient;
use OpenPayments\Config\Config;

Copied!

Initialize Open Payments client

$config = new Config($WALLET_ADDRESS, $PRIVATE_KEY, $KEY_ID);
$opClient = new AuthClient($config);

Copied!

Revoke token

$tokenResponse = $opClient->token()->revoke([
  "access_token" => $ACCESS_TOKEN,
  "url" => $TOKEN_MANAGE_URL,
]);

Copied!

View full source

References

API specification