Identity provider - handling user revokes app access (github/bitbucket)

talkl120 · January 7, 2021, 2:03pm

Hello,

I’m building a next js web app that has github and bitbucket as identity providers and cache their access token in order to access their rest api.
I’m wondering how should I handle revoked app access manually by the user?

by that I mean that if a user entered their Github/Bitbucket account and revoked my app from accessing their account, how should I know about it in my app, and how I should handle it with auth0 such that the user will be prompted to authorise again my app?

Thank you,
Tal

stephanie.chamblee · January 7, 2021, 7:19pm

Hi @talkl120,

Which Auth0 SDK are you using in your application?

I’m doing some research on this and will let you know what I find!

Thanks,

Stephanie

talkl120 · January 7, 2021, 7:53pm

Auth0/nextjs-auth0

Thnx

stephanie.chamblee · January 8, 2021, 1:00pm

Here is one solution that comes to mind–When the request to the GitHub/BitBucket API is called with a revoked token, the response should be a 403. Your app could handle this error by logging the user out of the application (docs). Have you tried out this approach?

talkl120 · January 9, 2021, 10:10am

yeah i’ll guess i’ll have to test what happens when i revoke the app and implement some kind of an interceptor with axios. will update

system · January 24, 2021, 10:10am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bitbucket token renewal Get Help	2	2844	January 9, 2020
How to handle access decline gracefully with @auth0/nextjs-auth0? Get Help	3	3994	July 28, 2022
Refreshing Github Idp access token Get Help	1	3502	February 11, 2021
Access Github API after authorizing user Get Help github	2	3331	January 28, 2020
"unauthorized (Access denied.)" after login Get Help auth0 , login , nextjs , blog	4	5066	December 15, 2021

Identity provider - handling user revokes app access (github/bitbucket)

Related topics