OAuth2 refresh token revocation
Hi there,
I'm a developer working with the AccountRight Live API (cloud-hosted company file). I've followed the instructions for the OAuth2 flow and have had no issues getting access/refresh tokens, renewing the access token, or calling the APIs. However, I have been trying to figure out how to use your API to revoke a refresh_token by POSTing to https://secure.myob.com/oauth2/v1/revoke.
I am using the official RFC (https://tools.ietf.org/html/rfc7009) to make the request.
POST https://secure.myob.com/oauth2/v1/revoke
Authorization: Basic {Base64Encode(clientId:clientSecret)}
Content-Type: application/x-www-form-urlencoded

token={REFRESH_TOKEN}&token_type_hint=refresh_token
Unfortunately, this OAuth2 endpoint is NOT documented in your official documentation and I can't figure out why it's returning:
{ "error": "invalid_request" }
Is there an official way to revoke an access/refresh token when your app no longer needs to have access to a company file?
The primary use case is that, from a security standpoint, we'd like to delete the token in our system AND revoke it on your end. Also, it's very hard to test the OAuth2 user flows because after I've approved our application the first time, I cannot revoke access to our application, meaning the next time I initiate the OAuth2 flow it skips the step where the user can Approve or Cancel granting access.
Alternatively, is there a way to remove access for the application from within AccountRight Live itself? Or from your web interface?
Thanks in advance for your time and consideration!
Hi Finagraph,
Thanks for reaching out. To revoke access, you will need to log into secure.myob.com with the my.MYOB account that was used to authenticate and revoke the access. This process cannot be completed via the API or via the AccountRight program itself.
Thanks,
Jacob
MYOB API Team
Are you a developer? Check out http://developer.myob.com
Looking for an Add-on? Check out http://myob.com/addons/
MYOB API Support Centre - https://apisupport.myob.com
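For readers working against an authorization server that does implement RFC 7009, here is an added example (not part of the original thread and not MYOB code) of building the revocation request shown in the question and interpreting the response per RFC 7009 section 2.2. The endpoint URL, credentials and function names are hypothetical placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_revocation_request(endpoint, client_id, client_secret, token,
                             hint="refresh_token"):
    """Build (but do not send) an RFC 7009 section 2.1 revocation request."""
    if not endpoint.lower().startswith("https://"):
        raise ValueError("revocation endpoint must use HTTPS")
    # Percent-encode the form fields; tokens often contain '+', '/' or '='.
    body = urllib.parse.urlencode({"token": token, "token_type_hint": hint})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        endpoint, data=body.encode("ascii"), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def classify_revocation_response(status, body=b"", retry_after=None):
    """Map an HTTP response to (outcome, detail) per RFC 7009 section 2.2."""
    if status == 200:
        # 200 covers both "token revoked" and "token was already invalid".
        return ("revoked", None)
    if status == 503:
        # The token may still be live server-side: schedule a retry.
        return ("retry", retry_after)
    try:
        error = json.loads(body).get("error", "unknown")
    except (ValueError, AttributeError):
        error = "unparseable_error_body"
    # Keep an audit record: the local copy can be deleted, but the grant
    # has not been confirmed as revoked by the server.
    return ("failed", error)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real endpoint.
    req = build_revocation_request("https://auth.example.com/oauth2/revoke",
                                   "my-client", "my-secret", "rt-abc+/=")
    print(req.get_method(), req.full_url, req.data)
    print(classify_revocation_response(400, b'{ "error": "invalid_request" }'))
```
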