New webhook event for GitHub Apps using User-to-Server tokens

If your GitHub App identifies or authorizes users, those users have the option to revoke the GitHub App authorization from their settings page.

Previously, your GitHub App had no way of knowing when this occurred and may have continued to make User-to-Server requests with the now revoked access token, leading to a 401 Bad Credentials error.

Today, we're introducing the github_app_authorization webhook event, which will be delivered to your GitHub App whenever a user revokes their authorization. The event action is revoked as you can see in the example webhook payload below:

  "action": "revoked",
  "sender": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjIxMDMxMDY3",
    "avatar_url": "",
    "gravatar_id": "",
    "url": "",
    "html_url": "",
    "followers_url": "",
    "following_url": "{/other_user}",
    "gists_url": "{/gist_id}",
    "starred_url": "{/owner}{/repo}",
    "subscriptions_url": "",
    "organizations_url": "",
    "repos_url": "",
    "events_url": "{/privacy}",
    "received_events_url": "",
    "type": "User",
    "site_admin": false

If you have any questions or feedback, please let us know!