How can you force expire a salesforce access token?

Question

I'm building a web app and using OAuth2 to authenticate. For testing purposes, I would like to test what happens when the access token expires and the refresh token is needed to re-authenticate. Since the salesforce oauth token does not contain an "expiry date" parameter, how would i forcefully expire the salesforce access token.

This is what is returned when a token is requested.

{
    "oauth_token": {
        "access_token": "<access token>",
        "id": "https://login.salesforce.com/id/00DG0000000imtwMAA/005G0000001CFgeIAG",
        "id_token": "<id token>",
        "instance_url": "https://na47.salesforce.com",
        "issued_at": "1522400000",
        "refresh_token": "<refresh token>",
        "scope": [
            "refresh_token",
            "full"
        ],
        "signature": "<signature>",
        "token_type": "Bearer"
    }
}

You would get better answers from the folks at salesforce.stackexchange.com — Charles

martin martin · Accepted Answer · 2018-05-16T06:52:47

If you want to do it manually, you can go to Setup > Security Controls > Session Management, then select the session from the list and remove it. Alternatively, if you need to do it programmatically, you could query and delete these records, which are stored in the AuthSession object.

Once you've done that, your access token will be expired, and attempts to use it will produce:

[ { "message" : "Session expired or invalid", "errorCode" : "INVALID_SESSION_ID" } ]

Your refresh token will still be valid though, and you can use it to request a new access token.

How can you force expire a salesforce access token?

1 Answers