Disconnect all sessions/revoking access for all apps of a user

Nextcloud version : 13.0.6

Hello Nextclouders.

On my users security settings page i see all logged in clients. But the list is very long. Like 10 screens just filled with 3 apps with many sessions/logins for almost every minor version for the last two years.

screenshot

Is it possible to revoke access to these old versions/all apps? I know i can revoke access manually, but that would take hours and several thousands of clicks.

Thank you very much.

Did not want to wait and came up with this solution:

Go to your personal security site.
Open developer tools of your browser (Firefox) and select the network tab.
Revoke access to the oldest app.
Right click on the DELETE and choose “copy as curl”.
delete request

Create a bash script file with the following content. But replace curl line. Then remove the URL from the curl line and replace it as in the example below.

#set -x # for debugging in bash
token=1 # first token to delete
url=https://example.tld/nextcloud/index.php/settings/personal/authtokens/
for i in {1..9999} # 9999 round
do 
	echo "token: $token" # so you see the progress
	curl $url$token -X DELETE -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Accept-Language: de,en;q=0.5' --compressed -H 'requesttoken:<<<<<censored>>>>>' -H 'OCS-APIREQUEST: true' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; <<<<<censored>>>>>; oc_sessionPassphrase=<<<<<censored>>>>>; oc_music_volume=56' -H 'DNT: 1' -H 'Connection: keep-alive'
	((token++)) # increase the number
done

This is not efficient, and there is probably a way to get the list of tokens that are actually in use. But i wasn’t feeling like researching much for this issue.

If you have a more efficient solution feel free to answer below.

This is an older topic but the information is still relevant and was still useful to me (with Nextcloud 24.0.2). So I thought I’d share the small improvement that I could make to what was already provided. I haven’t found any other way to do this

While doing what was described earlier, you can revoke the first and the last session in the list manually. This gives you the start and end token for this list in the dev console. You can also improve the loop by just iterating over these tokes. the code from earlier becomes like this. With 12345 being the first token, from the bottom of the list, and 22345 being the last token, from the top of the list.

url=https://example.tld/nextcloud/index.php/settings/personal/authtokens/
for token in {12345..22345}
do 
	echo "token: $token" # so you see the progress
	curl $url$token -X DELETE -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Accept-Language: de,en;q=0.5' --compressed -H 'requesttoken:<<<<<censored>>>>>' -H 'OCS-APIREQUEST: true' -H 'X-Requested-With: XMLHttpRequest' -H 'Cookie: nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; <<<<<censored>>>>>; oc_sessionPassphrase=<<<<<censored>>>>>; oc_music_volume=56' -H 'DNT: 1' -H 'Connection: keep-alive'
	((token++)) # increase the number
done