If I delete an App, from the Management UI or through the API, will the access tokens associated with that app be deleted automatically?
The tokens are not deleted, but they become invalid. If someone tries to use the token, they will get an error 'invalid_token'.
That's right @Sandeep Murusupalli, as @mukundha@apigee.com has said, the token will basically be invalid. This behaviour is the same as when you use the invalidate token option on the OAuth policy, or when you delete a product, or when you create new API keys. All the earlier tokens that were generated until that point will become invalid. However, what we noticed was that there might be a few (milli)seconds to achieve consistency across all instances, especially on the cloud. So there could be a rare chance that a call fired within a small window after the app is deleted will go through successful validation. However, you will reach a consistent state very shortly after.
A few points:
1) There is a property at org level which can delete the tokens automatically from Cassandra once they are expired.
2) Access tokens lying in the database after an application is deleted can be a problem in some cases; it's like stale data existing in the db, which can cause space issues etc.
3) Deleting the tokens associated with deleted applications from the application layer is a bad idea.
4) If we want to delete all the tokens from the db for some reason, the only best way I could think of is to delete the keys instead of the whole application and, using a script, delete all the tokens directly from the tokens column family using the application name. // on private cloud.
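A simplified model of the behaviour discussed in this thread, added here as an illustration and not Apigee code or anything the participants posted: token rows outlive the deleted app, validation fails with `invalid_token` once a gateway instance sees the deletion, and only an expiry purge removes the rows. The class names, the `sync_lag` value and the sample token are assumptions.

```python
# Simplified model, not Apigee code: all names and the 50 ms lag are assumptions.
class Control:
    """Authoritative state: which apps exist, and the stored token rows."""
    def __init__(self):
        self.apps = set()
        self.tokens = {}                    # token -> (app, expires_at)

    def issue(self, token, app, expires_at):
        self.apps.add(app)
        self.tokens[token] = (app, expires_at)

    def delete_app(self, app):
        self.apps.discard(app)              # token rows are left in place

    def purge_expired(self, now):
        """Analogue of an automatic purge: drops only rows that have expired."""
        stale = [t for t, (_, exp) in self.tokens.items() if exp <= now]
        for t in stale:
            del self.tokens[t]
        return len(stale)


class Gateway:
    """One gateway instance whose copy of the app list can lag behind Control."""
    def __init__(self, control, sync_lag):
        self.control, self.sync_lag = control, sync_lag
        self.known_apps, self.synced_at = set(control.apps), 0.0

    def validate(self, token, now):
        if now - self.synced_at >= self.sync_lag:    # refresh the local view
            self.known_apps, self.synced_at = set(self.control.apps), now
        row = self.control.tokens.get(token)
        if row is None or row[1] <= now or row[0] not in self.known_apps:
            return "invalid_token"
        return "ok"


def demo():
    c = Control()
    c.issue("tok-1", "orders-app", expires_at=3600.0)   # constructed sample data
    gw = Gateway(c, sync_lag=0.050)
    before = gw.validate("tok-1", now=1.000)      # instance syncs here
    c.delete_app("orders-app")                    # app deleted just after
    in_window = gw.validate("tok-1", now=1.020)   # stale view still accepts
    after = gw.validate("tok-1", now=1.060)       # view refreshed, now rejected
    still_stored = "tok-1" in c.tokens            # row survives the app
    purged_early = c.purge_expired(now=1800.0)    # not yet expired
    purged_late = c.purge_expired(now=3600.0)     # expired, row removed
    return before, in_window, after, still_stored, purged_early, purged_late
```

For monitoring, the `in_window` case is the one to watch: a successful call logged for an app shortly after its deletion timestamp is consistent with the propagation delay described above, while one well outside that window is not.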