Stay organized with collectionsSave and categorize content based on your preferences.
Overview
User consent to share an ID token can be revoked.
Users signing in for the first time are prompted for consent to share their
Google Account profile information with your platform.
If user consent is given a JSON Web Token (JWT)credentialknown as an
ID token is shared when any of the Sign In With Google, One Tap or Automatic
sign-in buttons are loaded.
A common scenario is for a new user account to be created on your platform
during sign up. Later, a user may choose to delete their account and "unlink"
your platform from their Google Account, stopping ID token sharing.
Calling the revoke method requires the Google Account owner to re-consent to
share the ID token on their next visit to your site.
Revocation methods
Google uses an OAuth 2.0 grant to manage user consent and ID token sharing to
your platform's Client ID. Revoking consent stops Google from sharing the
ID token when the client library is loaded by any pages on your site.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-19 UTC."],[[["\u003cp\u003eUser consent to share an ID token, allowing your platform access to their Google Account profile information, can be revoked at any time.\u003c/p\u003e\n"],["\u003cp\u003eUsers can revoke consent either through their Google Account settings or your platform can initiate it programmatically using the \u003ccode\u003egoogle.accounts.id.revoke\u003c/code\u003e method.\u003c/p\u003e\n"],["\u003cp\u003eRevoking consent requires the user to re-consent to share their ID token when they next visit your site, essentially "unlinking" your platform from their Google Account.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003egoogle.accounts.id.revoke\u003c/code\u003e method specifically manages ID token sharing and does not affect OAuth2.0 authorization scopes or grants.\u003c/p\u003e\n"]]],[],null,["# Revoke ID tokens\n\nOverview\n--------\n\nUser consent to share an ID token can be revoked.\n\nUsers signing in for the first time are prompted for consent to share their\nGoogle Account profile information with your platform.\n\nIf user consent is given a JSON Web Token (JWT)\n[credential](/identity/gsi/web/reference/js-reference#credential) known as an\nID token is shared when any of the Sign In With Google, One Tap or Automatic\nsign-in buttons are loaded.\n\nA common scenario is for a new user account to be created on your platform\nduring sign up. Later, a user may choose to delete their account and \"unlink\"\nyour platform from their Google Account, stopping ID token sharing.\n\nCalling the revoke method requires the Google Account owner to re-consent to\nshare the ID token on their next visit to your site.\n\nRevocation methods\n------------------\n\nGoogle uses an OAuth 2.0 grant to manage user consent and ID token sharing to\nyour platform's Client ID. Revoking consent stops Google from sharing the\nID token when the client library is loaded by any pages on your site.\n\nThese methods can be used to revoke consent,\n\n1. Users sign in to their Google Account, find your app in the [Third-party apps with account access](https://myaccount.google.com/permissions) settings and select **Remove Access**.\n2. Your platform calls [`google.accounts.id.revoke`](/identity/gsi/web/reference/js-reference#google.accounts.id.revoke).\n\nThe following code sample shows how to use the `revoke` method. \n\n```transact-sql\n google.accounts.id.revoke('user@google.com', done =\u003e {\n console.log('consent revoked');\n });\n```\n\n\u003cbr /\u003e\n\n| **Key Point:** This method applies only to ID token sharing and cannot be used to manage OAuth2.0 authorization scopes. OAuth revocation methods cannot be used to manage ID token grants."]]
