Open ddavaham opened 5 years ago
Can confirm this, the v2 revocation endpoint does not seem to be revoking refresh tokens as it should be.
My previous testing showed it to be working properly, so I'm guessing this problem was introduced recently, in the last month or so.
Could we please get an update on this?
Bug
I performed the following revokation of an access token
A Few minutes later using the same access token I was able to request data about the characters ship.
To Try again, I revoked the token by refresh token
Then tried requesting the ship again
I tried to refresh the token
I then delete the application via the developers console and waited five minutes
Only after deleting the application was did I receive a proper response from the refresh endpoint
However I am still able to make requests to ESI using an access token that is registered to an application that has been deleted.
But I am assuming that this is acceptable since the life time of these token is only 20 minutes.
Please let me know if there is anything else I can do to assist.