问题
In my current situation my flask app could be the only one using the Oauth server.
In that case I'd like to have my logout button actually revoke the access token.
But how to do that using the authlib flask integration?
Do I have to set up a new OAuth2Session just to use revoke_token()?
I don't think there is a hidden one inside FlaskRemoteApp?
And I don't think the flask registry takes a revoke_token_url or anything like that?
Any advice is welcome.
回答1:
Ok, here is the code that works for me using the existing flask registry.
from authlib.integrations.requests_client import OAuth2Session
client = OAuth2Session(oauth.myOauth.client_id,
oauth.myOauth.client_secret,
scope=oauth.myOauth.client_kwargs['scope'])
client.revoke_token(app.config['OASERVER'] + '/oauth2/revoke',
token=session['oatoken']['access_token'])
来源:https://stackoverflow.com/questions/64550311/python-authlib-flask-how-to-revoke-token-logout