How to delete refresh tokens


#1

Hi, I’m trying to create a new refresh token and delete the previously used refresh token.

First, I should point out the fact that I’m still on OAuth 1.0. Upgrading to 2.0 is planned but not anytime soon.

I’ve managed to create a new refresh token by following the old tutorial: http://developers.hubspot.com/docs/methods/auth/initiate-oauth

At this point, I assumed the old refresh token would become no longer valid but I found out that it is still active. So currently, I’m able to use both old and new refresh token to create new AccessTokens.

I’ve tried using the delete refresh token API request but it doesn’t do anything. My guess is this API request only works for OAuth 2.0.

So my question is, how can I delete the old refresh token? Your help would be greatly appreciated.


#2

Hi @royahn77

The old OAuth1 system does not have a way to manually delete or disable specific refresh tokens. We can disable all refresh tokens for an app for a specific portal by uninstalling the app from the portal, but that would delete all of the refresh tokens.


#3

@dadams Thank you for clarifying that.