DO Ideas 2

Add support for apps to rescind OAuth access to their account or specify a shorter expiration

Currently the OAuth API gives you a mandatory 30-day grant; however, my application does a single task and I'd rather limit my own access to my users' accounts as much as possible. That means either rescinding my access as soon as I'm done, or letting myself specify a short (5-15 minute) expiration so that even if my application is compromised my users are affected for a much shorter period of time.

  • Anonymous
  • Sep 11 2018
  • Will not implement
  • Sep 11, 2018

    Admin Response

    Hi! We actually already provide an endpoint to revoke a token. Though it seems like we neglected to include it in our OAuth docs. The request would look like:

        curl -X POST https://cloud.digitalocean.com/v1/oauth/revoke \
          -d token=$TOKEN \
          -H "Authorization: Bearer $TOKEN"

    We'll get that included in the docs at https://developers.digitalocean.com/oauth/ ASAP. While we use UserVoice for general feature requests, the best way to provide feedback specific to the API is to open an issue over on GitHub: http://do.co/APIv2_feedback

    Thanks for the feedback!
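
The revoke-when-done flow the request asks for, built on the endpoint from the admin response, as an added example that is not part of the original thread or DigitalOcean's code. `run_then_revoke`, `DO_TOKEN` and exit code 70 are names chosen here, and treating any 2xx reply as success is an assumption:

```shell
# Added example (not DigitalOcean code). Revoke endpoint as quoted above.
REVOKE_URL="https://cloud.digitalocean.com/v1/oauth/revoke"

# revoke_token TOKEN: returns 0 only if the endpoint answers 2xx
# (assumption: the page does not document the success status).
revoke_token() {
    local token="$1" status
    # Same request as the admin's curl command, but the header and body are
    # passed through a config read from stdin (-K -), so the token is not
    # exposed in the process list. Assumes the token has no '"' or '\'.
    status=$(curl -sS -o /dev/null -w '%{http_code}' \
                  -X POST "$REVOKE_URL" -K - <<EOF
header = "Authorization: Bearer $token"
data = "token=$token"
EOF
    ) || return 1
    case "$status" in
        2??) return 0 ;;
        *)   echo "revoke failed: HTTP $status" >&2; return 1 ;;
    esac
}

# run_then_revoke TOKEN CMD [ARGS...]
# Runs CMD with the token in DO_TOKEN (hypothetical variable name), then
# revokes the token whether CMD succeeded or failed. Returns CMD's exit
# status, or 70 if CMD succeeded but the token could not be revoked.
run_then_revoke() {
    local token="$1" rc=0
    shift
    DO_TOKEN="$token" "$@" || rc=$?
    if ! revoke_token "$token"; then
        echo "WARNING: token may still be valid; retry revocation" >&2
        if [ "$rc" -eq 0 ]; then rc=70; fi
    fi
    return "$rc"
}

# Usage (hypothetical task script):
#   run_then_revoke "$ACCESS_TOKEN" ./do-single-task.sh
```

A failed revocation is reported separately from a failed task, so the caller can retry the revoke instead of leaving the 30-day grant in place.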
  • Anonymous commented
    September 11, 2018 17:09

    Awesome, thanks!