I am doing OAuth 2.0 Integration, do I need to revoke the token again or is it happening by itself?

Prathamesh Chav · ‎02-13-2025

Hi team,

I am doing OAuth 2.0 Integration with 3rd party, do I need to revoke the token every time manually or is it happening by itself?

Can anyone tell me about this?

Thanks

Community Alums · ‎02-13-2025

Hi @Prathamesh Chav - OAuth 2.0 access tokens are typically short-lived for security purposes. Once they expire, they are no longer valid. You do not necessarily need to revoke an access token manually after it expires, as it will no longer be usable after the expiration time.

Revocation does not happen automatically by itself in most OAuth 2.0 integrations.

Debasis Pati · ‎02-13-2025

Hello @Community Alums ,

Oauth integrations and token based handshakes between two systems.Tokens do expire in a short period of time and that doesn't get authenticated if you are trying to use it after sometime.

Most of the oauth tokens do expire by max 2-3 minutes so you no need to revoke every time.

I hope this answer helps you. if this helped please mark it as correct/helpful.
for more about oauth integrations servicenow please visit- https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/security/concept/c_OAuthApplications.html

Regards,
Debasis

Ankur Bawiskar · ‎02-13-2025

@Prathamesh Chav

you are provider or consumer of endpoint?

In either ways OAuth access token has a lifespan and it gets expired.

So it needs to be generated again.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader