Revoked application still has access

Moozh_Vozmozhno · February 1, 2019, 6:23pm

I was testing the behavior of when a third-party application gets its access revoked through the Community > Third Party Applications page.

So far it’s been about 12 hours and my app still has access to private information. I am able to query for a new access token using my refresh token, and I’m able to use the ESI api to get private data.

This seems pretty broken?

Blacksmoke16 · February 1, 2019, 6:43pm

There are some open issues about this. Namely:

If you are using the V1 SSO endpoints, can make an issue there.

Moozh_Vozmozhno · February 1, 2019, 6:50pm

I was using the v2 oauth endpoints. That’s incredibly broken if users can’t revoke access at all. And it’s been broken for 4-5 months?

system1 · May 2, 2019, 6:50pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Access of API key (different) Third Party Developers	6	665	December 23, 2017
Grant OAuto Theft 2 Third Party Developers	9	508	July 18, 2018
Can't revoke third party ESI links General Issues	8	1414	September 20, 2020
Information on changes to ESI for Third Party Applications Third Party Developers official , devblog , esi	20	4317	February 10, 2022
Evanova Third Party Developers esi	3	761	February 2, 2024

Revoked application still has access

Related topics