I am trying to use the super secret API methods of calling createAccessToken/revokeAccessToken in combination with /api/token endpoints as used in the Quirky App, however I am having some issues attempting to revoke the created token afterwards.
I am attempting to use the /api/token endpoint in an OAuth callback to avoid having the user log into both an external service and the SmartThings service which they are already authenticated to. This works (is there documentation for /api/token anywhere?), however as the token has been transmitted through the clear in the url I need to revoke it to ensure the security of the SmartThings account. There is a method called revokeAccessToken() however this does not seem to actually revoke the token created with createAccessToken().
Does anybody have a solution for revoking tokens?
Here are some other possibly related threads in which I could not find an answer: