Two years ago, someone asked if it was possible to programmatically revoke access tokens through the Gitlab API. The answer then was no. I have not located recent information confirming or rejecting that this is still true.
I was hoping to use something like this with Python's http request library:
headers = {'Authorization': clientSecret}
res = gitlab.post("https://gitlab.com/oauth/revoke", headers=headers, data={
'client_id': clientID,
'access_token': accessToken
})
print(res.text)
However, the response has been empty with different variations.
In light of information here, it seems completely possible to revoke the access tokens. This works:
payload = {"token": accessToken,
"token_type_hint": "refresh_token"
}
auth = HTTPBasicAuth(clientID, clientSecret)
res = requests.post("https://gitlab.com/oauth/revoke",
data=payload,
auth=auth,
)