Question
I'm using the OAuth implicit flow to authorize a Google Assistant user into the system.
The login flow goes like this:
If the user is logging in for the first time, the Assistant redirects them to my service, where the user provides their credentials and logs in. Upon successful login, my service generates a JWT token and sends it back to the Google OAuth endpoint.
Then the user returns to the Google Assistant with a message: "Your account has been linked to Google".
Now, the big problem is:
How can I log out the user once the token expires?
Or how can I revoke the token from Google Assistant so that it will again redirect the user to my service's login page for authentication?
Try not to suggest the authorization code flow, because the existing architecture does not allow the authorization flow.
If you need more information then please comment below.
Answer 1:
Found the solution.
You just have to send a 401 Unauthorized code from your webhook. On receiving the 401, Google automatically revokes the token and exits the application.
Then, when the user invokes the app again, the user is asked to re-link their account with Google.
If you have further questions then comment below.
Source: https://stackoverflow.com/questions/52125906/how-to-revoke-access-token-from-google-assistant