Revoke google service account access token

Question

I try to revoke the service account's token using POST https://oauth2.googleapis.com/revoke?token=ACCESS_TOKEN (documentation)

but it says,

{ "error": "invalid_request", "error_description": "Token is not revocable." }

Also tried GET https://accounts.google.com/o/oauth2/revoke?token=ONLINE_ACCESS_TOKEN and this gives the same error message.

I used the below function to acquire an access token of the service account.

function getAccessToken() {
 return new Promise(function(resolve, reject) {
  const key = require('../placeholders/service-account.json');
  const jwtClient = new google.auth.JWT(
   key.client_email,
   null,
   key.private_key,
   SCOPES,
   null
  );
  jwtClient.authorize(function(err, tokens) {
   if (err) {
    reject(err);
    return;
   }
   resolve(tokens.access_token);
  });
 });
}

DaImTo DaImTo · Accepted Answer · 2020-11-11T13:00:43

Revoke only works on Oauth2 credentials. When a user authenticates your application they grant your application access to their data. By revoking that access you remove that grant.

Service accounts are preauthorized manually. You would need to remove that authorization from what ever api the service account was authorized for.

Revoke google service account access token

1 Answers