Build a _revoke flow

This is an Early Access feature for existing Workflows users. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.

_revoke is a system flow that allows a builder the ability to revoke an OAuth 2.0 (or other token based auth) token. A connector’s _revoke method is invoked when a connection is deleted from the platform or when a user requests their data be deleted (for example, for compliance with General Data Protection Regulation). Revoke flows are not displayed to the end user and are only used by the platform. The revoke flow has no Options or Input fields.

Note

Not all OAuth services have a revoke endpoint.

Caution

To test a token revocation from the Test Connections page, you must first deploy a local connector to your org that contains an active revoke flow. The revoke flow doesn't need to be named _revoke.

  1. Create a new flow under the Flows tab by clicking + New Flow in the upper right corner of the page.

  2. At the far left of the page, click Revoke.

  3. Click the Save button in the toolbar and name the flow _revoke.

  4. In the flow description field, type Revoke an access token from the {your service} service, check the Save all data that passes through the Flow box, and click Save.

  5. Add an Error Handling If Error card as the first card in the flow.

  6. Add the Flow Control Call Flow card inside the Try section of the card.

  7. Click on the Choose Flow button and select the httpHelper flow that you created previously. The card will automatically populate with the inputs defined in the httpHelper flow.

  8. Manually enter the relative URL for the revoke endpoint.

  9. Manually enter the request method. This is most likely a POST.

  10. Drag the auth object from the Connector Authping card to the Connection input field of the Call Flow card.

  11. Enter any additional information required for the call in the query, headers, or body field. You may need to add an Object Construct card before the Call Flow card to build out any necessary objects.

  12. For the outputs on the Helper Flow card, define the same keys as on the httpHelper flow’s outputs:

    • status_code (Number)

    • headers (Object)

    • body (Object)

  13. Add a Flow Control Assign card to the right of the Call Flow card that's inside the If Error function. Click Click or drop here to create and name the field message.

  14. Manually add a success message in the new field. For example, The access token was successfully revoked.

  15. Click on the View Outputs link at the top right of the Error If card to expand the card's outputs section.

  16. In the outputs section, click Click or drag to create and enter status_code. Two inputs will appear that read Drag output here.

  17. Drag the status_code output field from the Call Flow card into the top of the two inputs under the status_code field.

  18. In the outputs section, click Click or drag to create and enter message.

  19. Drag the message output field from the Assign card into the top of the two inputs under the message field.

  20. Select the dropdown at the top of the If Error card and select If Error. This is where any service specific error handling can be managed.

  21. Depending on the service, add additional keys to the Error object in the left panel of the If Error card to pull the status code and error message from the object returned by the service. To add keys, click Enter key name.

  22. Drag these new keys into the corresponding outputs of the If Error card.

  23. Add a Branching Assign If card to the right of the Error Handling If Error function card.

  24. Drag the status_code field from the If Error card outputs into the value a field of the Assign If card, and make sure the comparison is set to equal to.

  25. In the value b field, enter the status code of a successful request. In most cases, this will be 200.

  26. Change the data type on the value if true field to True/False and set the value to True.

  27. Change the data type on the value if false field to True/False and set the value to False.

  28. Change the data type on the output field to True/False, and change the name of the field to revoked.

  29. Drag the revoked field from the Assign If card into the revoked input field on the Return card.

  30. Add an Object Construct card to the end of the flow.

  31. Click Click or drop here to create and add a label named unregisterURL.

  32. Enter the a URL for where the user should go to manually remove access to the service. For example, https://www.spotify.com/us/account/apps/.

  33. Click Click or drop here to create and add a label named text. This is the text that will appear to the end user if the token revocation fails for some reason. Enter a message in this field. For example, We were unable to completely revoke access to Spotify. Please visit your account page to manually remove access.

  34. Rename the output of this Construct card as message, and drag it into the message input field on the Return card.

  35. Add an Object Construct card.

  36. Click Click or drop here to create and add a label named statusCode.

  37. Drag the status_code field from the If Error card outputs into the new statusCode field of the Construct card.

  38. Add another input field to the Construct card and name it body.

  39. Drag the message output field from the If Error card outputs into the body field on the Construct card.

  40. On the Object Construct card, rename the output field to serviceResponse.

  41. Drag the serviceResponse output field from the Construct card into the serviceResponse field on the Return card.

  42. Click Save and Test.

Next steps

Test your flows

Check Flow History

Deploy your connector