Robert Hung

Hello! I have tested the two endpoints for revoking token, and noticed the one ending with /current does not work as expected. I get a 204 response, but I can continue using the same token for future requests.

I did a comparison of the other revoke endpoint that requires you to pass in the /{oauth_token_id} and this works as expected - all subsequent requests return with a 401 unauthorized.

Is this expected, or am I missing something?

I would prefer to use that endpoint because the access token we provide does not have full read scopes, preventing the use of the show token endpoint to retrieve the oauth_token_id and revoke using the working endpoint.