Alter Google Account Disconnect Process to Revoke Access Through Google
Opened this issue · 0 comments
Describe the solution you'd like
Currently, the way we handle disconnecting a Google Calendar Account is to simply delete it from the DB. While reading through some Google Calendar API documentation, I came across the following:
In some cases a user may wish to revoke access given to an application. A user can revoke access by visiting Account Settings. See the Remove site or app access section of the Third-party sites & apps with access to your account support document for more information.
It is also possible for an application to programmatically revoke the access given to it. Programmatic revocation is important in instances where a user unsubscribes, removes an application, or the API resources required by an app have significantly changed. In other words, part of the removal process can include an API request to ensure the permissions previously granted to the application are removed.
Describe alternatives you've considered
An alternative is that we continue to simply delete it from our DB, however this would still count against our User Cap whereas revoking the application may remove that user from counting against our cap.
Additional context
Code snippet from the page:
requests.post('https://oauth2.googleapis.com/revoke',
params={'token': credentials.token},
headers = {'content-type': 'application/x-www-form-urlencoded'})