Feature:
We would like to have some more information added to the “srrt” log event. As we use the organizations feature in our tenants, the refresh tokens are often issued in an organization context. When a token is revoked, we no longer have the information about which organization this token was issued for.
We plan to implement some cleanup steps in case of a revocation and for this we would need the org_id.
Description:
The current schema is described here:
As the org_id is an essential part of the authorization process and will be part of every access token that is received when exchanging the refresh token, it should also be part of the revocation log event.
Use-case:
We have some integrations with 3rd-party applications to which users of our application can create connections. This connection will also be created as a record in one of our databases. If the user cancels the connection on the partner application, they are invalidating the refresh token. In this case we want to clean up our database to reset the connection status.
We can have the case where the same user creates connections to the same partner application with 2 different organizations. In case of a revocation, we cannot identify for which organization the connection was canceled.