Identity provider - handling user revokes app access (github/bitbucket)

talkl120 · January 7, 2021, 2:03pm

Hello,

I’m building a next js web app that has github and bitbucket as identity providers and cache their access token in order to access their rest api.
I’m wondering how should I handle revoked app access manually by the user?

by that I mean that if a user entered their Github/Bitbucket account and revoked my app from accessing their account, how should I know about it in my app, and how I should handle it with auth0 such that the user will be prompted to authorise again my app?

Thank you,
Tal

stephanie.chamblee · January 7, 2021, 7:19pm

Hi @talkl120,

Which Auth0 SDK are you using in your application?

I’m doing some research on this and will let you know what I find!

Thanks,

Stephanie

talkl120 · January 7, 2021, 7:53pm

Auth0/nextjs-auth0

Thnx

stephanie.chamblee · January 8, 2021, 2:34pm

Here is one solution that comes to mind–When the request to the GitHub/BitBucket API is called with a revoked token, the response should be a 403. Your app could handle this error by logging the user out of the application (docs). Have you tried out this approach?

talkl120 · January 9, 2021, 10:10am

yeah i’ll guess i’ll have to test what happens when i revoke the app and implement some kind of an interceptor with axios. will update