Hi Team,

While working on an API Manager token generation related issue, I found that there is an issue in the cache invalidation logic.

*Problem*

When we generate an access token in the issue() method of AbstractAuthorizationGrantHandler, we cache the token with consumerkey:authzUser:scope. But when we revoke a token, we use consumerkey:authzUser to clear the cache entry. So the cache entry will not be removed from the cache, and the user keeps getting the already revoked token until the cache gets cleared.

*Suggested solution*

Here the problem is that when we revoke a token we do not send the scope of the token, so we need to retrieve it from tokenMgtDAO.retrieveAccessToken (through a DB call) and use it to clear the cache. We might need to use the same OAuth cache key format (for the OAuth key cache) in all places.

I will go ahead with the suggested solution. Please let us know if there is any issue with this approach.

Thanks,
sanjeewa.

--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779
blog : http://sanjeewamalalgoda.blogspot.com/
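The key mismatch described in this message, reproduced as an added example (not WSO2 code and not part of the original e-mail). The class, its method names, and the in-memory maps standing in for the OAuth cache and the token table are hypothetical; only the two key formats come from the message.

```java
import java.util.*;

// Hypothetical model of the issue/revoke paths; plain maps stand in for the OAuth cache and token table.
public class TokenCacheKeyDemo {
    private final Map<String, String> cache = new HashMap<>();        // cache key -> access token
    private final Map<String, String> scopeByToken = new HashMap<>(); // "DB": token -> scope
    private final Set<String> revoked = new HashSet<>();              // "DB": revoked tokens

    // One key builder used by every code path, so issue and revoke cannot drift apart.
    static String cacheKey(String consumerKey, String authzUser, String scope) {
        return consumerKey + ":" + authzUser + ":" + scope;
    }

    String issue(String consumerKey, String authzUser, String scope) {
        String key = cacheKey(consumerKey, authzUser, scope);
        String token = cache.get(key);
        if (token == null) {                       // cache miss: mint and store a new token
            token = UUID.randomUUID().toString();
            scopeByToken.put(token, scope);
            cache.put(key, token);
        }
        return token;
    }

    // Behaviour described in the message: the key lacks the scope, so remove() matches nothing.
    void revokeWithoutScope(String consumerKey, String authzUser, String token) {
        revoked.add(token);
        cache.remove(consumerKey + ":" + authzUser);
    }

    // Suggested fix: look the scope up from the stored token, then clear the exact entry.
    void revokeWithScope(String consumerKey, String authzUser, String token) {
        revoked.add(token);
        cache.remove(cacheKey(consumerKey, authzUser, scopeByToken.get(token)));
    }

    public static void main(String[] args) {
        TokenCacheKeyDemo d = new TokenCacheKeyDemo();
        String t1 = d.issue("ck1", "alice", "default"); // constructed sample values
        d.revokeWithoutScope("ck1", "alice", t1);
        String t2 = d.issue("ck1", "alice", "default");
        System.out.println("stale revoked token reissued: " + (t2.equals(t1) && d.revoked.contains(t2)));
        d.revokeWithScope("ck1", "alice", t2);
        String t3 = d.issue("ck1", "alice", "default");
        System.out.println("fresh token after scoped revoke: " + !d.revoked.contains(t3));
    }
}
```

Routing every cache read, write and eviction through a single key builder is what keeps the formats from diverging again, which is the "same OAuth cache key format in all places" point in the message.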
