Skip user Consent
You can revoke user consent on a per-application basis, or for all applications to which the user granted their consent.
danger
Revoking a user's consent automatically revokes all related access and refresh tokens. Don't use this method to invalidate user sessions.
If you are using access and refresh tokens as user sessions instead of browser cookies, you should revise your approach and usage of OAuth2.
Per-application basis
Use the Ory SDK to revoke user consent for a specific OAuth2 client:
import { Configuration, OAuth2Api } from "@ory/client"
const ory = new OAuth2Api(
new Configuration({
basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
accessToken: process.env.ORY_API_KEY,
}),
)
export async function revokeConsent() {
const { data } = await ory.revokeOAuth2ConsentSessions({
subject: "some-user-id",
client: "some-client-id",
})
}
All applications
Use the Ory SDK to revoke user consent for all OAuth2 clients:
import { Configuration, OAuth2Api } from "@ory/client"
const ory = new OAuth2Api(
new Configuration({
basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
accessToken: process.env.ORY_API_KEY,
}),
)
export async function revokeConsent() {
const { data } = await ory.revokeOAuth2ConsentSessions({
subject: "some-user-id",
all: true,
})
}