Currently the v3 API for deleting existing Authorizations (Tokens) requires Basic (username, password) authentication.
“message”: “This API can only be accessed with username and password Basic Auth”,
If the user of the app decides to delete their account / token, I need to ask them for credentials, possibly including an OTP to remove the existing oauth token. For context, this is a native client app, not a web app.
Delete an authorization is NOT mentioned in the Docs’ Deprecation Notice removing token support for some of the existing OAuth Authorization API. The Delete an authorization entry also does NOT mention that Basic Authentication is required.
Is it possible Basic Authentication requirement was added to Delete an authorization by mistake?
Is there another way to delete an existing authorization using that authorizations token? To put it another way, is there a way for an app to clean up after itself without user interaction? (I’m specifically thinking about uninstallation of the app or explicit account removal within the app)
Would if be possible to remove the Basic Auth requirement from Delete an authorization when an app is trying to delete it’s own authorization using that authorization’s associated token?
If not, would it be possible to at least remove the OTP requirement from Delete?