Unable to revoke access for private OAuth2 3LO app

This problem makes app development a bit difficult :wink:
Confirmed by other person on another app. It works fine for public apps.

Hi @Grzegorz.Tanczyk

This is a recent regression caused by changes to support 3LO grants for Forge apps. A fix is actively in progress, and I’ll let you know when we have an update.

Sorry for the inconvenience!

1 Like

As a workaround, you can remove access for the app if you are able to make yourself a site administrator of the site(s) where you have installed the app.

@HeyJoe ! Thanks for the workaround, it works for now.

When revoking access on one of sites, my current authentication is lost, refresh token does not work, also to other sites, and I need to go through the auth flow once again (refresh token does not work).
After auth flow, granting access to the site, I regain access to other sites as well.

Should revoking access to one of sites behave like this?

Yes, I am fairly certain that revocation applies globally to all sites a user may have granted access to, even though access is granted on a site-by-site basis.