
What is the best / correct way to "disconnect" an OAuth connection using the FOSOAuthServerBundle? I know that OAuth is stateless and that "disconnecting" means to delete / revoke the user's access and refresh tokens to prevent further requests.

So the question is whether the FOSOAuthServerBundle provides any built-in methods to delete the tokens for a given user and client, or whether I need to implement this myself.

Context:

I have built a web service using Symfony 3.4 and the FOSOAuthServerBundle. Users can link an Amazon Alexa skill to their user account and access their data.

Once the skill has been linked to the web app account in the Alexa app, Amazon does not provide any "logout" feature. Alexa will only delete the access / refresh tokens when the skill is disabled. I would like to provide a "Logout" intent within the skill which triggers the web service to revoke the user's tokens.

Additionally, I would like to add an option to the user backend within the web service which does the same. Thus the user can end the "connection" both within the skill and within the web service.

A Symfony 3.4-based web service lets users update, change and query user data using an Amazon Alexa skill. The skill is linked to the user account using OAuth.

Andrei Herford

0 Answers
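One way to implement the revocation the question asks for, as an added example that is not part of the original post and not FOSOAuthServerBundle's own code. To my knowledge the bundle's token managers only offer single-token operations (`findTokenByToken`, `deleteToken`) plus `deleteExpired`; deleting every token of one user/client pair needs a repository query, which is what the service below does with Doctrine. It assumes the application's entities are `AppBundle\Entity\AccessToken` and `AppBundle\Entity\RefreshToken` with Doctrine relations named `user` and `client` (the entities the bundle's setup asks you to create), a `/api/logout` route behind the OAuth firewall, and constructor injection of the bundle's default access-token manager; those names and the wiring are hypothetical, the `OAuthToken::getToken()`, `findTokenByToken()` and `getClient()` calls are the bundle's own.

```php
<?php
// Added example, not from the original question or FOSOAuthServerBundle.
// Assumed: AppBundle\Entity\AccessToken / RefreshToken with "user" and "client"
// relations, and the service wiring described in the comments below.

namespace AppBundle\Security;

use AppBundle\Entity\AccessToken;
use AppBundle\Entity\RefreshToken;
use Doctrine\ORM\EntityManagerInterface;
use FOS\OAuthServerBundle\Model\AccessTokenManagerInterface;
use FOS\OAuthServerBundle\Model\ClientInterface;
use FOS\OAuthServerBundle\Security\Authentication\Token\OAuthToken;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\User\UserInterface;

class OAuthTokenRevoker
{
    private $em;

    public function __construct(EntityManagerInterface $em)
    {
        $this->em = $em;
    }

    /**
     * Deletes every access and refresh token issued to $user for $client.
     * Scoping to the (user, client) pair means ending the Alexa link does not
     * log the user out of any other OAuth client. Returns the number removed.
     */
    public function revokeForUserAndClient(UserInterface $user, ClientInterface $client)
    {
        $criteria = ['user' => $user, 'client' => $client];
        $removed = 0;

        // One transaction: a surviving refresh token would let the client mint
        // a fresh access token, so both kinds must disappear together.
        $this->em->transactional(function (EntityManagerInterface $em) use ($criteria, &$removed) {
            foreach ([AccessToken::class, RefreshToken::class] as $tokenClass) {
                foreach ($em->getRepository($tokenClass)->findBy($criteria) as $token) {
                    $em->remove($token);
                    ++$removed;
                }
            }
        });

        return $removed;
    }
}

/**
 * Endpoint the skill's "Logout" intent calls with its bearer token. The OAuth
 * firewall authenticates the request first, so the caller can only ever revoke
 * the tokens belonging to the user and client the presented token was issued to.
 * Wiring (assumed): inject security.token_storage and
 * fos_oauth_server.access_token_manager.default via constructor arguments.
 */
class LogoutController
{
    private $tokenStorage;
    private $accessTokens;
    private $revoker;

    public function __construct(
        TokenStorageInterface $tokenStorage,
        AccessTokenManagerInterface $accessTokens,
        OAuthTokenRevoker $revoker
    ) {
        $this->tokenStorage = $tokenStorage;
        $this->accessTokens = $accessTokens;
        $this->revoker = $revoker;
    }

    // Route (assumed): POST /api/logout, inside the OAuth-protected firewall.
    public function logoutAction()
    {
        $securityToken = $this->tokenStorage->getToken();
        if (!$securityToken instanceof OAuthToken) {
            throw new AccessDeniedException('Only OAuth-authenticated clients may disconnect.');
        }

        // Resolve the raw bearer string to its AccessToken entity to learn which
        // client (the Alexa skill) made the call; never trust a client id sent in the body.
        $accessToken = $this->accessTokens->findTokenByToken($securityToken->getToken());
        if (null === $accessToken) {
            throw new AccessDeniedException('Unknown access token.');
        }

        $removed = $this->revoker->revokeForUserAndClient(
            $accessToken->getUser(),
            $accessToken->getClient()
        );

        return new JsonResponse(['revoked' => $removed]);
    }
}
```

The backend option from the question reuses the same service: a normal web controller passes the session user and the Alexa skill's `Client` entity (looked up by its id) to `revokeForUserAndClient()`. Because the skill endpoint derives both user and client from the token it was called with, a request that is unauthenticated or carries someone else's token cannot revoke a third party's link.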