Magento 2 – How to Sign Out Using REST API

api, integration, magento2, rest

Is there a built-in REST API for signing out in Magento? I looked in the reference and couldn't find one.

Best Answer

My Magento version is currently 2.1.5, and I cannot find an API for the "sign out" function. However, it seems that Magento already provides a method that revokes tokens by customer id.

vendor/magento/module-integration/Api/CustomerTokenServiceInterface.php

vendor/magento/module-integration/Model/CustomerTokenService.php::revokeCustomerAccessToken()

[I HAVE NOT TESTED THIS CODE]

app/code/Vendor/Integration/etc/webapi.xml

<?xml version="1.0"?>

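<!--
    Exposes CustomerRevokeTokenServiceInterface::revokeCustomerAccessToken() as
    POST /V1/integration/customer/revoke.

    The route is restricted to the "self" resource, so the caller has to present a
    valid customer token, and customerId is forced to the id of that authenticated
    customer. Declaring the route "anonymous" while accepting customerId from the
    request would let any unauthenticated client revoke another customer's tokens.
-->
<routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">
    <route url="/V1/integration/customer/revoke" method="POST">
        <service class="Vendor\Integration\Api\CustomerRevokeTokenServiceInterface"
                 method="revokeCustomerAccessToken"/>
        <resources>
            <!-- Only a logged-in customer acting on their own account may call this. -->
            <resource ref="self"/>
        </resources>
        <data>
            <!-- Ignore any customerId sent by the client; use the token owner's id. -->
            <parameter name="customerId" force="true">%customer_id%</parameter>
        </data>
    </route>
</routes>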

app/code/Vendor/Integration/etc/di.xml

<?xml version="1.0"?>
<!-- Maps the revoke-token service contract to its concrete implementation. -->
<config
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <preference
        for="Vendor\Integration\Api\CustomerRevokeTokenServiceInterface"
        type="Vendor\Integration\Model\CustomerRevokeTokenService"/>
</config>

app/code/Vendor/Integration/Api/CustomerRevokeTokenServiceInterface.php

<?php

namespace Vendor\Integration\Api;
/**
 * Service contract for revoking the access tokens issued to a customer.
 *
 * The contract takes the customer id as a plain argument and says nothing about
 * who may call it; access control has to be applied by whatever exposes it.
 *
 * @package Vendor\Integration\Api
 */
interface CustomerRevokeTokenServiceInterface
{
    /**
     * Revoke the access tokens that belong to the given customer.
     *
     * @api
     * @param int $customerId Id of the customer whose tokens are revoked.
     * @return bool
     * @throws \Magento\Framework\Exception\LocalizedException
     */
    public function revokeCustomerAccessToken($customerId);
}

app/code/Vendor/Integration/Model/CustomerRevokeTokenService.php

<?php

namespace Vendor\Integration\Model;

use Magento\Customer\Api\AccountManagementInterface;
use Magento\Framework\Exception\LocalizedException;
use Magento\Integration\Model\CredentialsValidator;
use Magento\Integration\Model\Oauth\Token as Token;
use Magento\Integration\Model\Oauth\TokenFactory as TokenModelFactory;
use Magento\Integration\Model\ResourceModel\Oauth\Token\CollectionFactory as TokenCollectionFactory;
use Magento\Integration\Model\Oauth\Token\RequestThrottler;
use Magento\Framework\Exception\AuthenticationException;

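/**
 * Revokes the access tokens issued to a customer.
 *
 * The service performs no authorization of its own: it acts on whatever customer
 * id it is handed. Anything that exposes it (for example a web API route) must
 * make sure the id belongs to the authenticated caller and is not taken from an
 * unauthenticated request.
 */
class CustomerRevokeTokenService implements \Vendor\Integration\Api\CustomerRevokeTokenServiceInterface
{
    /**
     * Token model factory (injected; not used by revokeCustomerAccessToken()).
     *
     * @var TokenModelFactory
     */
    private $tokenModelFactory;

    /**
     * Customer account service (injected; not used by revokeCustomerAccessToken()).
     *
     * @var AccountManagementInterface
     */
    private $accountManagement;

    /**
     * Credentials validator (injected; not used by revokeCustomerAccessToken()).
     *
     * @var \Magento\Integration\Model\CredentialsValidator
     */
    private $validatorHelper;

    /**
     * Factory for the token collection that is filtered by customer id.
     *
     * @var TokenCollectionFactory
     */
    private $tokenModelCollectionFactory;

    /**
     * Initialize service
     *
     * @param TokenModelFactory $tokenModelFactory
     * @param AccountManagementInterface $accountManagement
     * @param TokenCollectionFactory $tokenModelCollectionFactory
     * @param \Magento\Integration\Model\CredentialsValidator $validatorHelper
     */
    public function __construct(
        TokenModelFactory $tokenModelFactory,
        AccountManagementInterface $accountManagement,
        TokenCollectionFactory $tokenModelCollectionFactory,
        CredentialsValidator $validatorHelper
    ) {
        $this->tokenModelFactory = $tokenModelFactory;
        $this->accountManagement = $accountManagement;
        $this->tokenModelCollectionFactory = $tokenModelCollectionFactory;
        $this->validatorHelper = $validatorHelper;
    }

    /**
     * Mark every token of the given customer as revoked.
     *
     * No ownership check happens here; the caller is responsible for passing the
     * id of the customer who is actually signing out.
     *
     * @param int $customerId Id of the customer whose tokens are revoked.
     * @return bool Always true when no exception is thrown.
     * @throws LocalizedException When the customer has no tokens, or when saving
     *                            a revoked token fails (the original exception is
     *                            attached as the cause).
     */
    public function revokeCustomerAccessToken($customerId)
    {
        $tokenCollection = $this->tokenModelCollectionFactory->create()->addFilterByCustomerId($customerId);
        if ((int) $tokenCollection->getSize() === 0) {
            throw new LocalizedException(__('This customer has no tokens.'));
        }

        try {
            foreach ($tokenCollection as $token) {
                $token->setRevoked(1)->save();
            }
        } catch (\Exception $e) {
            // Attach the underlying failure as the cause so it is not lost behind
            // the generic message returned to the client.
            throw new LocalizedException(__('The tokens could not be revoked.'), $e);
        }

        return true;
    }
}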

Remember to create registration.php and module.xml files.

The customer's access tokens can then be revoked by calling POST /V1/integration/customer/revoke