How to unauthorize/revoke LinkedIn token in my application

4
votes

I have a grails application in which I want a user to grant me access to his/her LinkedIn account to get information and show it in different ways.

I was able to do the following:

  1. Get the authorization code
  2. Use that authorization code to get the Access Token
  3. I store that Access Token together with the expiration date in my User entity.
  4. Refresh that Access Token when the expiration date is within X days from today.

Now the issue I'm having is that I would like the user to revoke or invalidate that token so that someone else can use the same computer and session and login to a different LinkedIn account.

  • Is this possible?
  • If not? Is there a way to delete the LinkedIn cookies? so that the user's LinkedIn session is finished and by being logged out from LinkedIn then they will have to grant access to my application again.

For reference:

  • I'm using Grails 2.1.1
  • I'm NOT using oauth to do the authentication, I just use the HTTPClient from Groovy to do plain and simple GET and POST requests.

Thanks a lot in advance!

2
grailsoauthtokenlinkedin
found old article from linkedin with Invalidation API . but it out of date and not work anymore blog.linkedin.com/2010/04/29/linkedin-platform-oauth - pery mimon

2 Answers

1
votes

The easiest thing to do is just to delete the Access Token from your storage. This way you no longer have access to that account. When LinkedIn was using OAuth 1.0a, they had an Invalidate call which would invalidate the Access Token. But when they moved to OAuth 2.0, that went away.

1
votes

I have managed to revoke token on API v2 with this call:

curl --request POST \
  --url https://www.linkedin.com/oauth/v2/revoke \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data client_id=CLIENT_ID_HERE \
  --data client_secret=CLIENT_SECRET_HERE \
  --data token=YOUR_TOKEN_HERE