This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Passing revoked refresh token is not breaking the flow

Posted on 05-28-2018 07:06 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

I have created a proxy to revoke access and refresh token. When I am passing the revoked access_token again to revoke, I have GetOAuthV2Info policy in flow which is throwing 'The access token has been revoked' error(I hope that's exacted behavior)

but while passing revoked refresh_token the GetOAuthV2Info policy is not throwing any error and I am able to get the info of revoked refresh_token. Although that refresh_token is already revoked as I am not able to generate the access_token using that refresh_token

Is this the expected behavior of GetOAuthV2Info policy in case of revoked refresh_token?

<GetOAuthV2Info name="GetOauthRefreshTokenID">

<RefreshToken ref="requestToken"></RefreshToken>

</GetOAuthV2Info>

1 2 239
Topic Labels
2 REPLIES 2