We offer the ability for a user to connect shopify to our service, we also offer the ability to disconnect. Some oauth Providers allow us to revoke access via the api. so that the user can do it in one place.
Is there a webhook enabled for when someone revokes access to our app, or is there an endpoint so that we can post that a users oauth access to our app should be terminated?
Why can you not just function with your persistence layer in the App? If someone chooses to uninstall your App, you get a notification, so you can erase their oAuth token from your App and hence they cannot use it anymore with that token. And if you want to "erase" their token without them having uninstalled your App, simply erase the token from your DB, and they will be forced to re-install and get a new token.
Seems to cover your use case does it not? What would invalidating their token using an API call be superior to simply erasing the copy you have? I am simply curious.. no worries...