Account linking with Google Sign-in: Is there a way to know when a user has revoked/removed access via their Google Account settings?

Question

we're using account linking with Google Sign-In, and store the user information in the Firebase auth database, similar to what is described here: https://developers.google.com/assistant/identity/google-sign-in

If a user later goes to their Google account settings and removes our action (i.e. revokes access), is there any way we can know that this happened, so that we can remove them from our Firebase auth database (plus remove any other data, as needed)?

I've searched far and wide but haven't found a clear answer to this anywhere, so any pointers and help much appreciated!

Answer 1

Take a look at registering for Cross Account Protection (RISC) notifications. This will let you register a webhook that will receive notifications in the event a user account has been compromised, if they remove authorization, etc.