Hi,
When I delete a grant that is through a Microsoft connector, I am finding that the application access is not removed from the Microsoft side of things. Example test:
- Went through hosted OAuth flow and connected to a Microsoft email
- I can see the grant in the Nylas dashboard
- Logged into my Microsoft and navigated to the privacy tab and viewed the app access. All looked normal
- Revoked the grant via the API (using the Python SDK nylas.grants.destroy)
- Verify that the grant is gone from the Nylas dashboard. Logs seem to look okay too (although there are two DELETE entries … not quite sure I understand that). Info for a Nylas employee if applicable. The request ID in this case was: 750691822-96722e4e-a5b3-457f-be8b-7fba7c016f0e
- Refresh the Microsoft page. I still see the app there.
- I also note that if I go back through the OAuth flow, it is clear the access still exists on the Microsoft side because the flow doesn’t present the “access/deny” screen asking for whether I want to allow those permissions/scopes. The only way I get asked to approve those permissions is if I first delete the access in the Microsoft account settings.
When I do this equivalent test with a Google account, the application is actually removed from the Google side.
Anyone have insight into this? Perhaps I haven’t set up the Microsoft connector correctly?
Thanks,
Mark