Can my app "revoke itself" from user access?



I am trying to revoke access of my app for a user by invalidating the user access token (i.e. the user has previously performed a successful authorization of the app). I was hoping for this to do the trick:

but the URL: does not exist! (404)

Has the above URL been moved or removed? If the latter, is there a different way to revoke user access of my app? Is requesting the user to revoke the app the only way?

I do understand that unsubscribing the app from the user’s activity will stop events from coming in to the webhook URL, but I’m trying to get the user -> app association removed completely from Twitter (so the user doesn’t show up again next time asking Twitter for all app users).



Try /1.1/oauth/invalidate_token - I believe this could be an error in the documentation.


Thanks for the reply!

Yes, with 1.1 in the URL the endpoint is found!

Should the /1.1/oauth URL work for all other authentication requests too, like for /request_token and /access_token (they are also documented to have an /oauth URL rather than /1.1/oauth URL).


Confusingly, no, the 1.1 only applies on the invalidate endpoint. The other auth endpoints should not include 1.1. The example code has this correct, but the documentation needs to be fixed.


Ok, thanks for the info!

closed #6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.