question

karol_k01 avatar image
0 Likes"
karol_k01 asked

How to revoke OAuth2 token?

Hi,

I've been experimenting with the API and while my app (aspnet blazor) will allow me to sign into an account and successfully get the access token to use for requests, I am slightly stuck on how to actually log out the user?


So far my app starts with a log-in button. Usually that will take me to eBay portal to login (using the .NET SDK for generating this) and all is fine. However if I restart the app and try to log-in again, it will skip the portal as I've already authenticated and the token isn't expired.


Now this is a problem as I have no clue how to try logging into a different user apart from manually revoking the program from the eBay account settings which is tedious, as I want to be able to have the functionality of switching to a different account.


Is there an way of revoking the current access token to implement the behaviour of logging out? Or am I simply missing something?

oauth2
10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sagar_developersupport avatar image
0 Likes"
sagar_developersupport answered

Hi @karol_k01,

A user authentication token can only be revoked by the user from their MyeBay page.

Here are the steps to revoke a token:-

Log in to eBay
- Go to My eBay
- Under My Account, Click on Preferences
- On the Preferences page, look for Third-party authorizations
- Select the Application for which you want to revoke the token
- Click Apply

Best Regards ,
eBay Developer Support

10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

earthseagames avatar image
0 Likes"
earthseagames answered

There is no 'Third-party authorizations ' under preferences in my ebay.

· 3
10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

if I am not wrong, changing the password of your ebay account should invalidate all existing tokens (don't know if this also applies to any refresh tokens)
0 Likes 0 ·
Yes - that turned out to be the issue. A routine password reset broke my app api.
0 Likes 0 ·
besides that: when working with oauth, there is no "logout"... there is only a token that has a specific lifetime - as long the token is valid you are able to make calls in behalf of that user-token, no need for any logout.
0 Likes 0 ·
jitendra_developersupport avatar image
0 Likes"
jitendra_developersupport answered

Hi @earthseagames,


Please follow the steps mentioned below to revoke the Third-party app access from your eBay marketplace account.

1. Go to Account setting

2. Go to "Sign in and security" under "Personal Info" section https://accountsettings.ebay.com/uas

3. See "Third-party app access" section


Best Regards,
eBay Developer Support

10 |600

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.