Recent searches


No recent searches

Issues with revoking oauth tokens for Zendesk Support

Answered


Posted May 25, 2022

There are two methods available for revoking oauth tokens based on API documentation:
https://developer.zendesk.com/api-reference/ticketing/oauth/oauth_tokens/#revoke-token

However, we were able to revoke tokens only using first endpoint:
DELETE /api/v2/oauth/tokens/{oauth_token_id}

While revoking tokens using:
DELETE /api/v2/oauth/tokens/current.json
didn't work. Response we get in both cases were exactly same.


Also one additional thing we noticed is that if user generate one oauth token(go over oauth flow), and if after that user generate one more token, first token is not revoked, and it is not showing in UI. 
So only after we revoke latest token, older one will appear in UI. 
Not sure if this is desired behavior or bug(I think after new token is issued old one should become invalid).


1

1

1 comment

image avatar

Greg Katechis

Zendesk Developer Advocacy

Hi Ivica! My first questions here would be:

  • Are you authenticating that request with the OAuth token you want to revoke?
  • If so, does it have full write-access scoping associated with it?

Regarding the UI issue that you mentioned, I think that what is happening here is that you're expecting to see the client secret returned on the /tokens endpoint. If you revoke the token, it it does not regenerate a new client secret, which is why nothing is updated in the UI. If you want to see the associated client secret, you need to make a call to `/api/v2/oauth/clients`.

If you're referring to something else in the second part, could you take a screenshot (obscure sensitive data) of where you're looking in the Admin Center, as well as the request that you're making?

0


Please sign in to leave a comment.

Didn't find what you're looking for?

New post