This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Invalidate access token if new scopes are requested.

Posted on 06-01-2020 11:31 AM
openapidev
New Member
Reply posted on --/--/---- --:-- AM

Hello,

What is the best way to invalidate an existing access token without knowing its value?

We want to implement incremental authorization flow. If the client requests new scopes we want to invalidate an existing access token using app id and user id and then generate new access token including old and new scopes.

Is it possible without using Management API which provides operation for fetching access token using app id and user id? Can we achieve the same inside proxy itself?

thanks

0 1 301
Topic Labels
0 Likes
1 REPLY 1
Top Solution Authors
View all