Identity provider - handling user revokes app access (github/bitbucket)


I’m building a next js web app that has github and bitbucket as identity providers and cache their access token in order to access their rest api.
I’m wondering how should I handle revoked app access manually by the user?

by that I mean that if a user entered their Github/Bitbucket account and revoked my app from accessing their account, how should I know about it in my app, and how I should handle it with auth0 such that the user will be prompted to authorise again my app?

Thank you,

Hi @talkl120,

Which Auth0 SDK are you using in your application?

I’m doing some research on this and will let you know what I find!





Here is one solution that comes to mind–When the request to the GitHub/BitBucket API is called with a revoked token, the response should be a 403. Your app could handle this error by logging the user out of the application (docs). Have you tried out this approach?

yeah i’ll guess i’ll have to test what happens when i revoke the app and implement some kind of an interceptor with axios. will update

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.