Where to revoke Google API permissions granted on Android?

Question

I'm working with some sample code here:

http://code.google.com/p/google-api-java-client/source/browse/picasa-android-sample/src/main/java/com/google/api/services/samples/picasa/android/PicasaSample.java?repo=samples

I authorized access in my Android app, but I cannot find where to now revoke access, so I can run through it again. Uninstalling the APK does not seem to reset any permissions.

Answer 1

我相信如果您访问https://accounts.google.com/IssuedAuthSubTokens，它应该在“连接的网站，应用和服务”下列出您的应用，您可以撤消访问权限。

Answer 2

Two steps to trigger the authorization page again:

1. go to https://accounts.google.com/IssuedAuthSubTokens to revoke the app you want. This will clear the permissions from server side.
2. go to your android device's settings->Data and time: fast-forward your time by a day or two. This will force the current token to expire.

Answer 3

It's not possible via any public, official API.

See:

• https://groups.google.com/forum/?fromgroups=#!topic/android-developers/gOVZ0DF7ccg
• http://grokbase.com/t/gg/android-developers/121j6ypxkb/revoke-permissions-to-access-google-accounts

Even uninstalling and re-installing the app doesn't help.

This might be the way on a rooted device: How do you force AccountManager to show the "Access Request" screen after a user has already allowed access?

Answer 4

You need to programmatically revoke the token. First, try out the example app posted at: https://developers.google.com/drive/quickstart-android

This example app displays the dialog to let you pick an account, then takes a photo and then uploads it to Google Drive. One important thing I discovered is that this sample app will eventually fail. I discovered that the camera portion of the app causes crashes. So disable the camera part of the code and just replace the file with some file on an SD card and upload the file to Drive instead.

To revoke the permission to use Drive, you need to execute the following code:

String token = credential.getToken();


HttpRequestFactory factory = HTTP_TRANSPORT.createRequestFactory();
GoogleUrl url = new GoogleUrl("https://accounts.google.com/o/oauth2/revoke?token=" + token);
HttpRequest request = factory.buildGetRequest(url);
HttpResponse response = request.execute();

Refer to the sample code on how to access the credential variable. Also, you must run the above code in a thread that is not on the main thread or it will fail.

You also need to add the following permissions. The sample code fails to indicate these permissions and without them the app will crash:

<uses-permission android:name="android.permission.ACCOUNT_MANAGER" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />

If Eclipse complains that some of those permissions are only granted to the system, just run Clean Project and it will remove the warning. After you have done this, you should uninstall the app and reboot the device. For more information about revoking tokens, see the section "Revoking a Token" at:

https://developers.google.com/accounts/docs/OAuth2WebServer

Answer 5

After struggling to revoke authorisation for Gmail API permissions granted on my Android app (still in debug), I worked out that it does appear on https://security.google.com/settings/security/permissions like @David Waters mentions (it's a new link but goes to the same place) but only if you've properly enabled the API via the Google Developers Console . This means properly adding your OAuth 2.0 client ID, even if the app is still in development and in Debug Mode.

There's a very good guide on how to add your credentials on the Android Quickstart guide on the Gmail API site (Steps 1 & 2).

Answer 6

Using Google Play Services:

http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html

Add https://www.googleapis.com/auth/userinfo.profile to your scope.

Example:

String scope="oauth2:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"

final String token = GoogleAuthUtil.getToken(context, "xxxx@gmail.com", scope);

OR "brute force"

Intent res = new Intent();
res.addCategory("account:xxxx@gmail.com");
res.addCategory("scope:oauth2:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile");
res.putExtra("service", "oauth2:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile");
Bundle extra= new Bundle();
extra.putString("androidPackageName","com.your.package");
res.putExtra("callerExtras",extra);
res.putExtra("androidPackageName","com.your.package");
res.putExtra("authAccount","xxxx@gmail.com");

String mPackage = "com.google.android.gms";
String mClass = "com.google.android.gms.auth.TokenActivity";
res.setComponent(new ComponentName(mPackage,mClass));
startActivityForResult(res,100);

Now, when you revoke the access here https://accounts.google.com/IssuedAuthSubTokens the application shows you the window for permission again in the device.

Answer 7

You can revoke account permissons on ...

https://security.google.com/settings/security/permissions

You can get there by [Account Settings] > [Account Permissions]

Proof that this answer is the real deal:

Answer 8

查看您的AndroidManifest文件。