Code Cookbook

Revoke OAuth Token

Respect user privacy by enabling them to revoke unwanted OAuth tokens.

Server Side
Client Side

Users should be able to revoke access to their accounts. To revoke an OAuth token, send a request to the Revoke Token endpoint.

Before you start

To use the example code as written, you will need:

Step 1: Add code to let users revoke access to their accounts

Create a PHP file called revoke_token.php and add code to let users to revoke access to their accounts. Make sure the revoke token page is in the same password-protected area as the main OAuth flow page.

<h2>Revoke Access to your Account</h2>
<p>
  Click the button below to close your account or revoke access to your Square
  account.
</p>

<form action="revoke_token.php" method="post">
  <input type="submit" id="submit" value="Revoke Access" />
</form>

Step 2: Add a function that revokes the OAuth token

Add a function (getAuthzCode) to call the OAuth API and revoke the access token.

// Revokes access token
function revokeToken($oauthToken) {

  // Create an OAuth API client
  $oauthApi = new SquareConnect\Api\OAuthApi($defaultApiClient);
  $body = new \SquareConnect\Model\RevokeTokenRequest();

  // Set the POST body
  $body->setClientId(_SQ_APP_ID);
  $body->setAccessToken($oauthToken);

  try {
      $result = $oauthApi->revokeToken($body);
  } catch (Exception $e) {
      error_log 'Exception when calling OAuthApi->revokeToken: ' . $e->getMessage();
      throw new Exception("Error Processing Request: Token revocation failed!", 1);
  }

  return;
}

If your request is successful, the Revoke Token will revoke the OAuth token and your code will print "Success!"

Prev
< Browse More Recipes
Next
Browse More OAuth Recipes >

Contact Developer Support, join our Slack channel, or ask for help on Stack Overflow