Revoking Tokens?
I have successfully gotten my access token and refresh token. I know the access token will expire quickly but the refresh token about a year later. What I am wondering is if I want to disconnect the app from BB how do I revoke the refresh token so it can't be used anymore? I am assuming it is not a major issue, but thought that if I was clearing them I should also revoke them. Thanks for any help you can provide.
Comments
-
@Paul Hermans
Good question, never really thought about it. Thinking it through: in order to use a refresh token to get a new access token, you need to use client_id and client_secret. The developer application client_id doesn't change, but the client_secret can be “regenerated”. So I imagine that when the client_secret is regenerated, the refresh token is revoked.
You can try it and report back =D
0 -
@Paul Hermans It depends on the reason you want to cancel your refresh token.
You can disconnect your instance of RE from the app (in the marketplace); that will expire any access tokens as well as refresh tokens so that they can no longer be used.
Alternatively, if you plan on using your app but you just want to cancel the current refresh token, you can also generate a new access token without the preserve refresh token flag set. That will create a new refresh token and disable your previous refresh token (but then you have a new one).
1 -
@David Zeidman is right here. Disconnecting the application from a Blackbaud environment (either from My Apps--as the developer--or Marketplace--as the customer) will revoke any refresh tokens associated with that Connection.
I just wanted to point out that regenerating your Client Secret (primary or secondary) does not invalidate refresh tokens. In fact, we encourage you to occasionally regenerate your client secrets as part of regular credential rotations (docs). (Still appreciate you, @Alex Wong!)
0 -
@Chris Rodgers
Thanks for the info. I never tried it, and was only making a guesstimate. Since generating a new access token from a refresh token requires the use of client_id and client_secret, if the client_secret is no longer valid, then whoever is trying to use the refresh token to get a new access token would not be able to. I'm assuming the reason the original post wants to “revoke” the refresh token is so that someone having it can be “blocked” out of accessing RE NXT via SKY API. So when client_secret is invalid, then it doesn't matter if the refresh token is still valid or not.
1
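Added example, not part of the thread and not Blackbaud's code: a sketch of the rotation described above (refresh without the preserve flag, then confirm the old refresh token is rejected). The token URL and the `preserve_refresh_token` parameter name are assumptions taken from Blackbaud's public OAuth documentation rather than from this thread, and the function names are hypothetical.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: token endpoint per Blackbaud's public OAuth docs (not stated in the thread).
TOKEN_URL = "https://oauth2.sky.blackbaud.com/token"


def http_post(url, headers, form):
    """Default transport: POST a form and return (status, parsed JSON body)."""
    req = urllib.request.Request(url, urllib.parse.urlencode(form).encode(), headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def refresh(client_id, client_secret, refresh_token, preserve=False, post=http_post):
    """Exchange a refresh token for new tokens; returns (status, body)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if preserve:
        # Assumption: name of the "preserve refresh token flag" mentioned above.
        form["preserve_refresh_token"] = "true"
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return post(TOKEN_URL, headers, form)


def rotate_and_verify(client_id, client_secret, old_token, post=http_post):
    """Rotate the refresh token, then check that the old one no longer works."""
    status, body = refresh(client_id, client_secret, old_token, post=post)
    if status != 200 or "refresh_token" not in body:
        raise RuntimeError(f"rotation failed: HTTP {status}")
    new_token = body["refresh_token"]
    # Replay with preserve=True so an unexpected success does not mint yet
    # another refresh token and leave the caller unsure which one is live.
    replay_status, _ = refresh(client_id, client_secret, old_token,
                               preserve=True, post=post)
    return new_token, replay_status != 200
```

Store the returned token before discarding the old one, and treat a `False` second value as "old token still usable". Some OAuth servers treat a replayed, already-rotated refresh token as theft and revoke the new one too; the thread does not say how Blackbaud behaves here, so run the check against a test connection first.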


