Deauthorizing by account/user id?

So a deauthorization request provides an account id / user id. However, as an app using the OAuth flow, I do not have this value unless I requested user scope and retrieved /users/me… So how is an app supposed to know which account to deauthorize?

I see that the decoded OAuth access_token contains uid and aid in its payload, but surely we’re not supposed to rely on that!

