javascriptpythonoauthxboxsocial-authentication

How to revoke token in xbox


After successfully integrating Xbox O-Auth into my application, I want to provide users with a button on my site to revoke their access to Xbox. However, I couldn't locate any documentation on revoking Xbox tokens. can i use revoke instead of authorize in this Url? https://xsts.auth.xboxlive.com/xsts/authorize Could someone please guide me on how to achieve this? Any relevant documentation links or code snippets would be greatly appreciated. Thank you


Solution

  • Usually, you don't have to explicitly revoke access tokens. All you need is to erase the token from your app and you won't have access to xbox API anymore.

    If the user has granted consent to your app in the OAuth flow and you want to let her revoke the consent, then the user will have to do it somewhere on the xbox side. On her xbox account, the user should have a list of all the apps she granted access and she should be able to revoke the access there.