Channels
announcements
ask-gpt
general
talk-network
talk-kratos
talk-hydra
talk-oathkeeper
talk-keto
talk-selfhosting
talk-contributors
Powered by
#talk-hydra
Title
a
acceptable-fall-94281
03/11/2022, 1:37 PM
Hi All, when we are revoking access token, the refresh token associated with the session is also getting revoked. we are using '/oauth2/revoke' endpoint. Is this an expected behavior? is there a way to revoke the access token alone?
m
magnificent-energy-493
03/11/2022, 1:47 PM
No, I don't think you would need to revoke the access token alone? Are you looking to revoke the consent sessions instead maybe?
https://www.ory.sh/docs/hydra/reference/api#lists-all-consent-sessions-of-a-subject
For reference this might also be helpful:
Access and Refresh Tokens aren't Sessions
a
acceptable-fall-94281
03/11/2022, 2:11 PM
we are looking for a capability like the one mentioned here
https://developer.okta.com/docs/guides/revoke-tokens/main/#revoke-only-the-access-token
this allows to revoke only the access token without affecting the refresh token
m
magnificent-energy-493
03/11/2022, 2:20 PM
Then you should use this endpoint, it revokes the consent session and invalidates all associated access tokens
https://www.ory.sh/docs/hydra/reference/api#operation/revokeConsentSessions
a
acceptable-fall-94281
03/11/2022, 2:40 PM
this end point also revokes the refresh token associated, we tested it.
2 Views