Revoke oauth authorizations you've granted to third-party apps using your self-hosted PDS
hello.j23n.com
pds-oauth-revoke
edited
1# Your PDS data lives here, unless you manually changed it when setting up your PDS
2$ cd /pds
3
4# The oauth tokens live in account.sqlite3
5# There's a bunch of tables in here, the one we are interested in is 'token'
6#
7# $ sqlite3 account.sqlite -header -column "SELECT * FROM token;"
8# id did tokenID createdAt clientId
9# -- ---------------- ------------ ------------------------ ------------------------
10# 0 did:plc:abcd1234 tok-abcd1234 2025-09-28T10:02:48.063Z https://leaflet.pub/api/oauth/metadata
11# 1 did:plc:abcd1234 tok-zyxw9876 2025-09-28T10:02:48.063Z https://tangled.org/oauth/client-metadata.json
12#
13# Deleting the relevant entry will revoke access to that client.
14# Here I am going to delete the leaflet entry.
15
16$ sqlite3 account.sqlite "DELETE FROM token WHERE clientId = 'https://leaflet.pub/api/oauth/metadata';"
17
18# With that, leaflet no longer has write access to my PDS
19# I also had to manually clear my browser cache for leaflet to recognize that it no longer
20# had write access.
21# If you want to use leaflet again, just sign in once more.