How to programmatically de-authorize devices


#1

If I want de-authorize a user’s device from being accessed by my SmartApp, how can I do that?

Thank you,

Thomas


#2

Hi @djkrite,

Do you mean someone else’s phone from accessing your SmartThings “stuff”? Or, keeping SmartThings from using someone else’s phone as a mobile presence device? Do you have a specific example?


#3

I mean a user can authorize a device to be accessed by my SmartApp via oauth. How do I remove that authorization on the user’s behalf?

Thomas


#4

Ah, ok. You should be able to go into the SmartApp on your phone and uncheck the device. I’m not 100% sure, but seeing some of my apps that do something similar, that should do it.


(Jody) #5

Did you have some users install your SmartApp via oAuth? If they have their own installation using that method, you cannot easily revoke access. That is one of the reasons we closed that method of installation. If these are accounts you have access too, then yes, the answer is go into the smartapp and manually uncheck the devices you want to remove.


#6

I’m not getting my question across right…

Can a third party that has published a SmartApp revoke authorization on a device a user has previously authorized via oauth in the SmartApp via code, without the user’s interaction?

So in my SmartApp, I want to do something like this:

device.deleteSmartApp()

or

device.deleteAuthorization()

(Jody) #7

No. You as a vendor cannot revoke a user’s devices. You could block their access to certain endpoints, but not revoke the authorization.


#8

Thank you.