Error with revoking the access token

Highlighted
First-time Contributor

Error with revoking the access token

I am able to get the user's access token using the auth code after getting the users permission for the application. But revoking the access token using

curl -X POST https://api.box.com/oauth2/revoke \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'client_id=[CLIENT_ID]' \ -d 'client_secret=[CLIENT_SECRET]' \ -d 'token=[ACCESS_TOKEN]' 

is only working when I do it within a short time after the connection of the app and we can see the application has been removed from the account settings security tab. When I try the same after a long period( a day) the revoke call is running without any error but still we can see the application in the account settings security tab. Would appreciate any help to resolve this.

1 REPLY 1
Highlighted
Box Employee

Re: Error with revoking the access token

@subin_john 

 

Thanks for bringing this up. I think this might be more of a feature gap rather than a break in designed behavior. There's no strict relationship between revoking tokens and "sessions" within the Account Settings Security tab. 

 

It sounds like the functionality you're looking for is for an API to remove sessions from the account settings security tab, and I actually put up a similar feature request for someone here:

https://pulse.box.com/forums/909778-help-shape-the-future-of-box/suggestions/35984293-allow-admins-t...

 

I think it'd be worth creating a new feature request on Pulse asking specifically for an API endpoint (and upvote other ideas you see on Pulse!) to address what you're looking for. If you have any trouble, let me know and I'd be happy to get that in for you as well.

 

Thanks,

Jason