I have a Node JS app that uses Twitter API (using OAuth 1.0a) to authenticate users and posts tweets on behalf of the users using the provided user access token.
I also want to provide a way for a user of my app to "disconnect" from Twitter by revoking the access token provided earlier, such that the user must log into Twitter the next time he wants to access it via my app.
I also have a similar integration with Facebook (via OAuth 2), and the legal way to do that with Facebook is via the DELETE request to the /me/permissions route. For Twitter, I found a way (mentioned on this page: https://dev.twitter.com/oauth/reference/post/oauth2/invalidate/token) to invalidate the access token, but it seems to fail with "Unable to verify your credentials" error. I know I'm providing the right credentials, because instead of posting to that endpoint if I just post a tweet with the same credentials, I'm able to do that successfully.
One thing to note: I found that Twitter does not support OAuth2 for user authentication, which is why I used OAuth 1 for Twitter. Not sure if it's got something to do with this.
Sample code from my app that is trying to revoke the token:
var logout = function(userAccessToken, userAccessTokenSecret, done) {
oauth.post(
"https://api.twitter.com/oauth2/invalidate_token",
userAccessToken, userAccessTokenSecret,
{"access_token": userAccessToken},
"application/json",
function(error, data) {
console.log("response from Twitter: error = " + JSON.stringify(error) + ", data = " + JSON.stringify(data));
done(error, data);
}
);
}
