When I send a request to /api/v2/device-credentials/{id} to delete a refresh token, does it delete just this token or all refresh tokens that were issued for the same user with the same grants (like the /oauth/revoke endpoint)?
DELETE /api/v2/device-credentials/{id} for revoking a refresh token: same behaviour as /oauth/revoke?
The /oauth/revoke endpoint revokes the entire grant, not just a specific token. Each revocation request invalidates all the tokens that have been issued for the same authorization grant.
The /api/v2/device-credentials/{id} endpoint deletes a specific token. This call requires you to provide the specific RT id as a param.