Management API revoking access tokens by End User ID and App ID is not working properly

We're using OPDK 4.17.01.

With reference to the following page, I created an API proxy that revokes access tokens by End User ID and App ID.

https://community.apigee.com/questions/11530/retrieving-and-revoking-tokens-by-external-user-id.html

The details are as follows.

  1. Set the OAuthV2 policy on the ProxyEndpoint and validate the access token.
  2. Acquire the End User ID and App ID from the access token after verification.
  3. Acquire the base64-encoded credentials stored in a KVM.
  4. Call the Management API that revokes access tokens, specifying the base64-encoded credentials in the Authorization header and the End User ID and App ID as query parameters: http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/oauth2/revoke

If access tokens matching the condition exist, the response code 202 and the number of revoked access tokens are returned. After that, when I call the Management API that retrieves access tokens by the same conditions (End User ID and App ID) as the revocation API, an empty array is returned because there are no matching access tokens. This is as expected.

However, when I call the Management API that gets the details of an access token, only the access token that was validated during step 1 is still in the status "approved". The End User ID and the App ID of this valid access token are the same as the End User ID and the App ID used when the Management API that revokes access tokens was executed in step 4 described above.

Is this a bug?

1 REPLY

Apparently, the Management API response seems to be cached. When I queried the Cassandra keyspace directly, the status of the access token was "revoked".

But I don't know how long the Management API cache is valid.