VerifyAccessToken fails after updating accessToken for external accesstoken

Not applicable

Hi

I need to

1. Use externally created AccessToken and RefreshToken.

2. In first pass

  • I can successfully create AccessToken and RefreshToken
  • I can successfully VerifyAccessToken

3. In second pass

  • I revoke current AccessToken and RefreshToken
  • Create new AccessToken and RefreshToken
  • Now VerifyAcessToken fails with error invalid_access_token

3a. Alternative

I've also tried using RefreshToken instead of revoke and generate

but it fails with error invalid_request

Please help.

Thanks

Vi

0 1 140
1 REPLY 1

I don't understand. Which token are you revoking? After you revoke a token, VerifyAccessToken should reject the token, right? You're not expecting the revoked token to be validated, are you?

If you have separate access tokens, the VerifyAccessToken on the 2nd access token is independent of the revoke on the first token.

This flow works:

  • create token1
  • verify token1 - succeeds as expected
  • revoke token1
  • verify token1 - rejects token as expected (*subject to caching)
  • create token2
  • verify token2 - succeeds. it has nothing to do with token1

I think you need to get RefreshToken working correctly, if you want to refresh a token.

Also, you may need to skip the Revoke token step; if you set the token expiry correctly, then you can let the token expire naturally. No need to explicitly revoke it.