DELETE /api/v2/device-credentials/{id} for revoking refresh token same behaviour than /oauth/revoke?

lucasgranade · February 26, 2020, 4:21am

When I send a request to /api/v2/device-credentials/{id} to delete a refresh token, does it deletes just this token or all refresh tokens that were issued for the same user with the same grants (like /oauth/revoke endpoint) ?

tanver.hasan · June 11, 2020, 1:40pm

The /oauth/revoke endpoint revokes the entire grant not just a specific token. Each revocation request invalidates all the tokens that have been issued for the same authorization grant.

The /api/v2/device-credentials/{id} endpoint deletes specific token. This call requires you to provide specific RT id as param

Revoke Refresh Tokens

Topic		Replies	Views
Revoke Access token programatically Help refresh-tokens , refresh_token	8	11126	September 22, 2020
Querying Refresh Tokens Via the Management API Knowledge Articles	1	387	December 13, 2023
Refresh token revocation Knowledge Articles refresh-token , delete , grant , offline_access	1	1967	February 17, 2023
Invalid Refresh Token - Take 3 Help refresh-tokens	2	3616	December 18, 2018
Removing user_id limitation on getting rotating refresh tokens Help refresh-token-rotate	4	3124	August 11, 2020

DELETE /api/v2/device-credentials/{id} for revoking refresh token same behaviour than /oauth/revoke?

Related Topics