09-18-2017 01:38
09-18-2017 01:38
After obtaining consent from the user to collect data, what if the user would like to revoke access ? I know that there is a Revoke endpoint :
POST https://api.fitbit.com/oauth2/revoke
But what concerns me are the cookies stored by the browser while obtaining consent.
If the cookies are not removed, you can obtain consent again transparently.
Shouldn't we use a disconnect page to clear the cookies ?
Thanks in advance.