Hi Dinusha, In API Manager are we handing the case where the client sends the refresh token for revocation. According to revocation spec the client can send either access token or refresh token. We are handling this in the OAuth component. Please make sure that in API Gateway also we are correctly removing the corresponding access token from the gateway cache similar to the refresh scenario.
On Fri, Nov 29, 2013 at 12:15 PM, Dinusha Senanayaka <[email protected]>wrote: > > > > On Thu, Nov 28, 2013 at 9:33 PM, Sumedha Rubasinghe <[email protected]>wrote: > >> Nirdesha, >> Please queue up for documentation update. >> On Nov 28, 2013 5:30 PM, "Johann Nallathamby" <[email protected]> wrote: >> >>> Hi, >>> >>> As discussed offline I have re-factored the fix for above [1]. >>> >>> The following are the names of the headers that come in response. >>> >>> Refresh grant type response: >>> >>> "DeactivatedAccessToken" >>> >>> Revoke endpoint response: >>> >>> "RevokedAccessToken" and "RevokedRefreshToken" >>> >>> From the revocation endpoint both the headers will be available since >>> the client could revoke using either access token or refresh token and the >>> corresponding other token should also be revoked. >>> >>> Please make the necessary changes in the API gateway and test with API >>> Manager 1.6.0. >>> >> Thanks Johan. We updated API gateway accordingly.. > > Regards, > Dinusha. > >> >>> [1] https://wso2.org/jira/browse/APIMANAGER-1828 >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Senior Software Engineer >>> Integration Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> > > > -- > Dinusha Dilrukshi > Senior Software Engineer > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ > -- Thanks & Regards, *Johann Dilantha Nallathamby* Senior Software Engineer Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
