📢 Moderators Needed 🚀

Moderators are needed with resources to post or have access to resources to post. Submit an application to be considered.

RSS OAuth2 Client - Revoking an application doesn't revoke refresh token

Thread starter stromb0li
Start date Thursday at 7:10 AM

stromb0li

Guest

Guest or Bot

Thursday at 7:10 AM

Repro:
1) Create OAuth2 Application; Public flow
2) Request an access token
3) Revoke the application via Admin CP or User Settings -> Applications.
4) Use of the access token will result in 401 forbidden when making an API call (as expected)
5) Use the existing refresh token to request a new access token. An access and refresh token is issued, application conscent is granted, and access to the API is resumed <- Not expected

Expected behavior: access and refresh token would both be revoked...

Read more

Continue reading...

RSS Odd problem with many different IPs accessing the same thread

RSS To do list [Paid]

Show hidden low quality content

You must log in or register to reply here.

S	RSS Oauth2 Client - Cannot get scope to show up on consent page stromb0li Nov 6, 2025 Xenforo RSS Feed
S	RSS Disabling OAuth2 clients don't disable stromb0li Nov 6, 2025 Xenforo RSS Feed
F	RSS OAuth2 between 2 xenforo forums Faust Oct 31, 2025 Xenforo RSS Feed
C	RSS Single sign on and more with OAuth2 in XenForo 2.3 Chris D Jan 8, 2026 Xenforo RSS Feed
C	RSS FraudClient - Report Spam Chris Grigg Oct 14, 2025 Xenforo RSS Feed

📢 Moderators Needed 🚀

RSS OAuth2 Client - Revoking an application doesn't revoke refresh token

stromb0li

Guest

We value your privacy