Google OAuth2 how to kill access_token?

  google-api, google-oauth, oauth-2.0, php, rest

I do this steps:

  1. Take token from https://oauth2.googleapis.com/token using auth code
  2. Its success and shows me access_token, expires_in, refresh_token and etc
  3. Then i use it to check with API opening https://www.googleapis.com/oauth2/v3/userinfo?access_token=xxx
  4. All works perfect. I see my information.
  5. Then i revoke token with https://oauth2.googleapis.com/revoke and get success answer with 200 code
  6. Try again step 3, and open https://www.googleapis.com/oauth2/v3/userinfo?access_token=xxx
  7. It anyway works! I see my information instead of error message.

What i do wrong? How can i disable token?

Source: Ask PHP

LEAVE A COMMENT