My app allows users to authorize access to their Google Drive via OAUTH. I provide a way to “unlink” their Google Drive from my app. When they request this, I discard their current access token and their refresh token, so things are done from my side.
Is there any way to remove the authorization scopes initially enabled during OAuth from Google’s side?
To be specific, I’d like my app to stop being listed for the user on:
https://accounts.google.com/b/0/IssuedAuthSubTokens
I’m not sure if that’s a good permanent URL (/b/0/ looks suspicious..)
Yes, you can explicitly revoke the token.
https://developers.google.com/accounts/docs/OAuth2WebServer#tokenrevoke