Actively revoking OAuth access tokens


#1

I’d like to actively revoke OAuth tokens for users who are no longer using my application. I know the user can always revoke application authorization through the Twitter web UI.

Is there an API or way of doing that from the application-side? That is, is there a way for an application owner to revoke tokens?

Brian Maso


#2

Hi Brian,

There’s currently no way for an application to voluntarily revoke the access tokens for a user who has granted an application access. If you determine a certain period of inactivity on your service as implying the user is no longer using your application, your best avenue is to remove the access token from your records. If the user ever comes back, you can re-negotiate it for them.