How can we improve Trakt.tv?

Revoke access via API is not removing entry from website

When revoking an application via the API, the revoke is successful i.e. returns an empty body {}. However, the website still indicates the application is still approved.

I tested an API call that required oAuth after the revoke and can confirm unauthorized result.

Another thing I noticed is that the website approval date reports 2014 year even though I only did it this weekend.

Finally, a question, I'm using Device Code auth and couldn't see the purpose of using the redirectURI field. Can this be null or must I always use the value specified for my app?

3 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    ltfearmeltfearme shared this idea  ·   ·  Admin →
    Completed  ·  Justin NemethAdminJustin Nemeth (Founder, trakt) responded  · 

    Please see notes. If still not working, might be best to post the full request in the API community so other devs can chime in too.

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • ltfearmeltfearme commented  · 

        That makes sense, will do a test. Thanks.

      • Justin NemethAdminJustin Nemeth (Founder, trakt) commented  · 

        The website will display one entry, even if there have been multiple tokens issued for that app. My guess is one was revoked, but there were still other active tokens for that app. One thing you can do is revoke from the website to remove all the tokens, then check if it works from that point ok.

      • ltfearmeltfearme commented  · 

        Well as I said I can see that it worked as I tested after revoke and was unauthorised when I used my old access token. It was just the website that was not refreshing.

        I can post this in the dev group for API if you wish, it just didnt seem API related to me.

      • Justin NemethAdminJustin Nemeth (Founder, trakt) commented  · 

        That call will always return success, even if the token isn't found. That is for security reasons so it can't be used to verify/guess tokens.

        I just tested and it worked properly for me, so my guess is the data being sent might be incorrect. Here's the curl call I used.

        curl -i -v -H "trakt-api-version: 2" -H "Content-type: application/x-www-form-urlencoded" -X POST -H "trakt-api-key: [client_id]" -H "Authorization: Bearer [token]" -d "token=[token]" https://api.trakt.tv/oauth/revoke

        On the approval date, maybe you approved it in the past? It might use the oldest date you granted access.

        Use urn:ietf:wg:oauth:2.0:oob for the redirect URI for device authentication.

      Feedback and Knowledge Base