We're using OPDK 4.17.01.
With reference to the following page, I created API Proxy which revokes access tokens by End User ID and App ID.
https://community.apigee.com/questions/11530/retrieving-and-revoking-tokens-by-external-user-id.html
If access tokens matching the condition exist, the response code 202 and the number of revoked access tokens are returned. After that , when I call Management API that retrieves access tokens by the same conditions (End User ID and App ID) as the revocation API ,an empty array is returned because there are no matching access tokens. This is as expected.
However, when I call Management API that gets details of a access token, only the access token that validated during the processing of 1 is still in the status "approved". The End User ID and the App ID of this valid access token are the same as the End User ID and the App ID when the Management API revoking access tokens was executed in the processing 4 described above.
Is this a bug?
Apparently, the Management API response seems to be a cache. When querying directly to Keyspace of Cassandra, the status of the access token was "revoked".
But, I don't know how long the Management API cache is valid.