This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Revoke access token by App takes care of refresh tokens ?

Posted on 09-19-2016 05:05 PM
madhans
Staff
Reply posted on --/--/---- --:-- AM

http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/oauth2/revoke

When revoking access tokens the associated refresh tokens seem to be revoked too, but need a confirmation to update @docs

Solved Solved
0 2 146
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
willwitman
Staff
Reply posted on --/--/---- --:-- AM

@Madhan Sadasivam

I added a note to the API doc you mentioned stating that when an access token is revoked, its refresh token becomes unusable (revoked, essentially). This is explained in more detail here in a note under the "cascade" element. Is this what you're seeing? (See also APIRT-1390).

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
willwitman
Staff
Reply posted on --/--/---- --:-- AM

@Madhan Sadasivam

I added a note to the API doc you mentioned stating that when an access token is revoked, its refresh token becomes unusable (revoked, essentially). This is explained in more detail here in a note under the "cascade" element. Is this what you're seeing? (See also APIRT-1390).

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
madhans
Staff
In response to willwitman
Reply posted on --/--/---- --:-- AM

Thanks @wwitman. To reiterate for any future viewers, the API does not provide a cascade option and behaves as if cascade=true always.

Jump to Solution
0 Likes