I’m building a Next.js web app that has GitHub and Bitbucket as identity providers and caches their access tokens in order to access their REST APIs.
I’m wondering how I should handle app access that was manually revoked by the user.
By that I mean: if a user went into their GitHub/Bitbucket account and revoked my app's access to their account, how would I know about it in my app, and how should I handle it with Auth0 such that the user is prompted to authorise my app again?
Here is one solution that comes to mind: when the request to the GitHub/Bitbucket API is called with a revoked token, the response should be a 403. Your app could handle this error by logging the user out of the application (docs). Have you tried out this approach?
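
One way to implement the check suggested in the answer above, as an added example that is not part of the original thread. It assumes a `Map`-like token cache keyed by user id and a hypothetical `LOGOUT_PATH` for the Auth0 logout route; it also treats a 401 as a rejected token and separates a rate-limit 403 (GitHub's `x-ratelimit-remaining: 0` header) from a revocation.

```javascript
// Added example. LOGOUT_PATH, the token cache shape and the function names
// are assumptions for illustration, not part of any SDK.
const LOGOUT_PATH = '/api/auth/logout'; // assumed route; use your app's own

// Decide what a provider API response means for the cached access token.
function classifyProviderResponse(res) {
  if (res.status === 401) return 'revoked';
  if (res.status === 403) {
    // A 403 is also used for rate limiting; do not log the user out for that.
    const remaining = res.headers.get('x-ratelimit-remaining');
    if (remaining === '0' || res.headers.get('retry-after')) return 'rate_limited';
    return 'revoked';
  }
  return res.status >= 200 && res.status < 300 ? 'ok' : 'error';
}

// Turn the classification into an action and evict a rejected token so it
// is never replayed against the provider.
function handleProviderResponse(res, tokenCache, userId) {
  switch (classifyProviderResponse(res)) {
    case 'revoked':
      tokenCache.delete(userId);
      return { action: 'reauthorize', redirect: LOGOUT_PATH };
    case 'rate_limited':
      return { action: 'retry_later' };
    case 'ok':
      return { action: 'continue' };
    default:
      return { action: 'fail', status: res.status };
  }
}

// Server-side wrapper: call the provider with the cached token and react.
async function callProvider(url, userId, tokenCache, fetchImpl = fetch) {
  const token = tokenCache.get(userId);
  if (!token) return { action: 'reauthorize', redirect: LOGOUT_PATH };
  const res = await fetchImpl(url, {
    headers: { Authorization: `Bearer ${token}` },
  });
  const outcome = handleProviderResponse(res, tokenCache, userId);
  if (outcome.action === 'continue') outcome.data = await res.json();
  return outcome;
}
```

When the result is `reauthorize`, the route handler redirects the browser to the logout path so the next login goes through the provider's authorization step again.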