I am in the process of getting my app on the marketplace approved. One of the last things I have pending is a deauthorization flow. Currently, for authorizing, there is a URL I can use in which a user is able to accept or deny a request for authorization. Is there a way to do something similar with deauthorizing? I have been looking everywhere and I cannot find a single article on how to do a proper deauthorization flow, so here I am asking with hopes that I can get this resolved ASAP!
That part I do have done(except revoking access, that is pending). What I mean, is how do I go about the user removing the app. Do I have to just create a link from our webapp to Zoom to remove it from there? Or is there a way I can just call an API so that it is removed directly from my webapp?
@rmjuarez12 the user will remove the app themselves causing the deauthorization webhook to send to your endpoint. At that point, you revoke the user’s access token. Does that make sense?
The endpoint itself cannot remove data from your DB. Once you receive the notification to the endpoint, you can programmatically revoke the access token and remove their data
Hmmm how can I get the access token from the notification endpoint? According to the Deauthorization docs, the response I get does not contain the access token. How can I get the access token to be able to revoke it AFTER the user has removed the app?