03/11/2022, 1:37 PM
Hi All, when we are revoking access token, the refresh token associated with the session is also getting revoked. we are using '/oauth2/revoke' endpoint. Is this an expected behavior? is there a way to revoke the access token alone?
03/11/2022, 1:47 PM
No, I don't think you would need to revoke the access token alone? Are you looking to revoke the consent sessions instead maybe?
For reference this might also be helpful:
Access and Refresh Tokens aren't Sessions
03/11/2022, 2:11 PM
we are looking for a capability like the one mentioned here
this allows to revoke only the access token without affecting the refresh token
03/11/2022, 2:20 PM
Then you should use this endpoint, it revokes the consent session and invalidates all associated access tokens
03/11/2022, 2:40 PM
this end point also revokes the refresh token associated, we tested it.