You want to remove an OAuth connection completely — no Agent should be able to fetch tokens for it.
From the dashboard
- Open /dashboard/apps.
- Find the connection.
- Click Disconnect (or the trash icon).
- Confirm.
The dashboard issues DELETE /api/apps/{connection-id}.
What happens server-side
- CrabGlamp best-effort revokes the token at the provider (a 10-second timeout bounds the call). Only Google has a usable revoke endpoint; GitHub OAuth-app tokens can't be revoked by us without client credentials, and Spotify has no revoke endpoint — for those two, disconnecting only deletes the stored token.
- Whether or not the provider revoke succeeded, CrabGlamp removes the connection on its side.
The provider revoke is best-effort because removing the connection on CrabGlamp's side is the guarantee. Even if the provider call fails (network error, provider-side downtime), the connection is gone and no Agent can fetch a token.
Provider-side revocation
If you revoke from the provider (e.g., Google's third-party app permissions page) without going through the CrabGlamp dashboard, the connection stays until the next Agent fetch-token call fails. At that point it's marked errored. From there you can either re-authorize from the dashboard (which overwrites it) or click Disconnect to remove it.
After revocation
- An Agent that tries to use the connection gets HTTP 410 Gone.
- The dashboard removes the card immediately.
- The connection is gone right away — no background job involved.
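
The ordering described under "What happens server-side" and "After revocation", as an added sketch that is not CrabGlamp's own code: the provider revoke is attempted first and may fail, and the local delete runs regardless. The names Store, Connection, Gone, disconnect, fetch_token and the injected revoker callables are hypothetical.

```python
# Added illustration; every name here is hypothetical, not CrabGlamp's API.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

REVOKE_TIMEOUT_S = 10  # the bound the page gives for the provider call


class Gone(Exception):
    """What an Agent fetch-token call maps to HTTP 410 Gone."""
    status = 410


@dataclass
class Connection:
    id: str
    provider: str
    token: str


@dataclass
class Store:
    # provider -> revoke(token, timeout); a missing entry means the provider
    # has no revoke endpoint we can use (GitHub and Spotify on this page).
    revokers: Dict[str, Callable[[str, float], None]]
    connections: Dict[str, Connection] = field(default_factory=dict)

    def disconnect(self, conn_id: str) -> Optional[bool]:
        """True/False = provider revoke succeeded/failed, None = not attempted."""
        conn = self.connections[conn_id]
        revoked: Optional[bool] = None
        try:
            revoke = self.revokers.get(conn.provider)
            if revoke is not None:
                try:
                    revoke(conn.token, REVOKE_TIMEOUT_S)
                    revoked = True
                except Exception:  # network error, downtime, timeout
                    revoked = False
        finally:
            # The guarantee: local removal runs whatever the revoke did.
            del self.connections[conn_id]
        return revoked

    def fetch_token(self, conn_id: str) -> str:
        if conn_id not in self.connections:
            raise Gone(conn_id)
        return self.connections[conn_id].token
```

The return value of disconnect is worth logging: False or None means the token may still be valid at the provider even though no Agent can fetch it any more.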