I am referring to Known Issues: Site-scoped grants limitations of the OAuth 2.0 (3LO) apps documentation.
With site-scoped grants, an access token can have access to multiple sites. This means that an app can’t delete an access token to revoke access. For example, an access token could grant access to site A, then delete it to remove access. However, if the user grants the app access to site C later, the app will be issued with an access token with access to sites A and B. The only way access can be removed is for the user to revoke access via the Connect apps tab in their account settings at https://{subdomain}.atlassian.net/people/{account_id}/settings/apps.
At least for me this isn’t working: the constructed URL redirects to https://{subdomain}.atlassian.net/people/{account_id}.
The only way to revoke access is via https://id.atlassian.com/manage-profile/apps, which revokes the complete access but not for single sites.
Can anyone point me in the right direction?