Recent searches
No recent searches
Issues with revoking oauth tokens for Zendesk Support
Posted May 25, 2022
There are two methods available for revoking oauth tokens based on API documentation:
https://developer.zendesk.com/api-reference/ticketing/oauth/oauth_tokens/#revoke-token
However, we were able to revoke tokens only using first endpoint:
DELETE /api/v2/oauth/tokens/{oauth_token_id}
While revoking tokens using:
DELETE /api/v2/oauth/tokens/current.json
didn't work. Response we get in both cases were exactly same.
Also one additional thing we noticed is that if user generate one oauth token(go over oauth flow), and if after that user generate one more token, first token is not revoked, and it is not showing in UI.
So only after we revoke latest token, older one will appear in UI.
Not sure if this is desired behavior or bug(I think after new token is issued old one should become invalid).
1
1 comment
Greg Katechis
Hi Ivica! My first questions here would be:
Regarding the UI issue that you mentioned, I think that what is happening here is that you're expecting to see the client secret returned on the /tokens endpoint. If you revoke the token, it it does not regenerate a new client secret, which is why nothing is updated in the UI. If you want to see the associated client secret, you need to make a call to `/api/v2/oauth/clients`.
If you're referring to something else in the second part, could you take a screenshot (obscure sensitive data) of where you're looking in the Admin Center, as well as the request that you're making?
0