How to define the revoke action for external authentication

One of the actions the provider configuration is revokeToken . The revoke token action is called when revoking a token from your Atlassian account. How should the revoke token action be configured for providers that do not advertise a revoke token endpoint? I have not been able to find it for github for example.

I tried to leave the path empty to indicate that such an endpoint is not available for that provider, but the manifest requires the revokeToken action. The solution I came up with was to implement a remote of our own with such an endpoint.

Did I fail to find to revoke token endpoint for github? Any suggestions on a better solution? Wouldn’t it be better if revokeToken was not required?

1 Like

Yes, it would be better if revokeToken was not required, definitely.

As you noted, the workaround would be to put in a dummy path, and as long as its a 200 response code it should be fine. So something like the HTML homepage would be okay.

1 Like

Hi @g.j.streek, the revokeToken action is now optional as of Forge CLI version 4.1.1 :tada:


Great, thanks for the update