After successfully integrating Xbox O-Auth into my application, I want to provide users with a button on my site to revoke their access to Xbox. However, I couldn't locate any documentation on revoking Xbox tokens.
can i use revoke
instead of authorize
in this Url? https://xsts.auth.xboxlive.com/xsts/authorize
Could someone please guide me on how to achieve this? Any relevant documentation links or code snippets would be greatly appreciated. Thank you
Usually, you don't have to explicitly revoke access tokens. All you need is to erase the token from your app and you won't have access to xbox API anymore.
If the user has granted consent to your app in the OAuth flow and you want to let her revoke the consent, then the user will have to do it somewhere on the xbox side. On her xbox account, the user should have a list of all the apps she granted access and she should be able to revoke the access there.