Revoke User OAuth Token

liz.garcia · July 18, 2022, 7:16pm

Hi there! I’m trying to implement PagerDuty OAuth 2.0 functionality.
I was looking into the documentation (auth-2-0-functionality) but it seems there’s no way to do a “Logout” or single user “Revoke Token” petition
Is there a way we can do this (if implements REST it would be great)?

nselby · July 19, 2022, 12:39am

Hi Liz,

Thanks for reaching out! You can read how to revoke tokens using the API here:

https://developer.pagerduty.com/api-reference/23e4d1cfe1b45-delete-a-user-s-session

Please let me know if that helps or if you have any other questions!

liz.garcia · July 19, 2022, 6:24pm

Hi Nick, I’ve already read it, but my response array is empty when I execute:
users/{id}/sessions/{type}/{session_id}

Also, it explicitly states that “Beginning November 2021, user sessions no longer includes newly issued OAuth tokens.”, which are the tokens I’m trying to revoke

dan.jeffs · July 21, 2022, 5:52am

Hey Liz,

OAuth tokens can be explicitly revoked from the user’s User Settings tab. All sessions become unavailable if the user’s PagerDuty account is deleted.

Let me know if you’ve got any other questions!

Dan Jeffs
Technical Support Engineer
PagerDuty.com