In OAuthv2 we get these 2 operations - ValidateToken and InvalidateToken for which I have created separate proxy endpoints. But there are no flow variables that are populated for them, So not sure based on which identifier I can rate / quota limit the calls to these endpoints.
https://docs.apigee.com/api-platform/security/oauth/validating-and-invalidating-access-tokens
The client id will be available after the validation. You can use that or you can make oauth token itself as identifier
To invalidate you can put the same refresh token as identifier
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |