The doc on OAuth 2.0 (3LO) apps says:
The only way access can be removed is for the user to revoke access via the Connect apps tab in their account settings at https://{subdomain}.atlassian.net/people/{account_id}/settings/apps
(Doc link: https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/#known-issues )
But that url seems to just go to the user's general page, with no settings or Connect apps tab for the user.
If a user provides access to two sites for an OAuth 2.0 app, can they later revoke access for just one site? If so, where/how?
Thanks!
Only one grant exists per app for a given Atlassian account. If a user grants access to more than one Atlassian site for this app, then the additional sites are added to the same grant. This means that existing access tokens will give you access to all sites and scopes that a user has granted your app access to.
The only way access can be removed is for the user to revoke access via the Connect apps tab in their account settings.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.