Where to revoke Google API permissions granted on Android?

Question

I\'m working with some sample code here:

http://code.google.com/p/google-api-java-client/source/browse/picasa-android-sample/src/main/java/com/google/api/services/sa

Answer 1

After struggling to revoke authorisation for Gmail API permissions granted on my Android app (still in debug), I worked out that it does appear on https://security.google.com/settings/security/permissions like @David Waters mentions (it's a new link but goes to the same place) but only if you've properly enabled the API via the Google Developers Console. This means properly adding your OAuth 2.0 client ID, even if the app is still in development and in Debug Mode.

There's a very good guide on how to add your credentials on the Android Quickstart guide on the Gmail API site (Steps 1 & 2).

Answer 2

You need to programmatically revoke the token. First, try out the example app posted at: https://developers.google.com/drive/quickstart-android

This example app displays the dialog to let you pick an account, then takes a photo and then uploads it to Google Drive. One important thing I discovered is that this sample app will eventually fail. I discovered that the camera portion of the app causes crashes. So disable the camera part of the code and just replace the file with some file on an SD card and upload the file to Drive instead.

To revoke the permission to use Drive, you need to execute the following code:

String token = credential.getToken();


HttpRequestFactory factory = HTTP_TRANSPORT.createRequestFactory();
GoogleUrl url = new GoogleUrl("https://accounts.google.com/o/oauth2/revoke?token=" + token);
HttpRequest request = factory.buildGetRequest(url);
HttpResponse response = request.execute();

Refer to the sample code on how to access the credential variable. Also, you must run the above code in a thread that is not on the main thread or it will fail.

You also need to add the following permissions. The sample code fails to indicate these permissions and without them the app will crash:

<uses-permission android:name="android.permission.ACCOUNT_MANAGER" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />

If Eclipse complains that some of those permissions are only granted to the system, just run Clean Project and it will remove the warning. After you have done this, you should uninstall the app and reboot the device. For more information about revoking tokens, see the section "Revoking a Token" at:

https://developers.google.com/accounts/docs/OAuth2WebServer