https://www.ory.sh/ logo
#talk-hydra
Title
# talk-hydra
a

acceptable-fall-94281

03/11/2022, 1:37 PM
Hi All, when we are revoking access token, the refresh token associated with the session is also getting revoked. we are using '/oauth2/revoke' endpoint. Is this an expected behavior? is there a way to revoke the access token alone?
m

magnificent-energy-493

03/11/2022, 1:47 PM
No, I don't think you would need to revoke the access token alone? Are you looking to revoke the consent sessions instead maybe? https://www.ory.sh/docs/hydra/reference/api#lists-all-consent-sessions-of-a-subject For reference this might also be helpful: Access and Refresh Tokens aren't Sessions
a

acceptable-fall-94281

03/11/2022, 2:11 PM
we are looking for a capability like the one mentioned here https://developer.okta.com/docs/guides/revoke-tokens/main/#revoke-only-the-access-token
this allows to revoke only the access token without affecting the refresh token
m

magnificent-energy-493

03/11/2022, 2:20 PM
Then you should use this endpoint, it revokes the consent session and invalidates all associated access tokens https://www.ory.sh/docs/hydra/reference/api#operation/revokeConsentSessions
a

acceptable-fall-94281

03/11/2022, 2:40 PM
this end point also revokes the refresh token associated, we tested it.
2 Views