stromb0li
Guest
offline
Repro:
1) Create OAuth2 Application; Public flow
2) Request an access token
3) Revoke the application via Admin CP or User Settings -> Applications.
4) Use of the access token will result in 401 forbidden when making an API call (as expected)
5) Use the existing refresh token to request a new access token. An access and refresh token is issued, application conscent is granted, and access to the API is resumed <- Not expected
Expected behavior: access and refresh token would both be revoked...
Read more
Continue reading...
1) Create OAuth2 Application; Public flow
2) Request an access token
3) Revoke the application via Admin CP or User Settings -> Applications.
4) Use of the access token will result in 401 forbidden when making an API call (as expected)
5) Use the existing refresh token to request a new access token. An access and refresh token is issued, application conscent is granted, and access to the API is resumed <- Not expected
Expected behavior: access and refresh token would both be revoked...
Read more
Continue reading...