Revoked application still has access

Moozh_Vozmozhno · February 1, 2019, 6:23pm

I was testing the behavior of when a third-party application gets its access revoked through the Community > Third Party Applications page.

So far it’s been about 12 hours and my app still has access to private information. I am able to query for a new access token using my refresh token, and I’m able to use the ESI api to get private data.

This seems pretty broken?

Blacksmoke16 · February 1, 2019, 6:43pm

There are some open issues about this. Namely:

If you are using the V1 SSO endpoints, can make an issue there.

Moozh_Vozmozhno · February 1, 2019, 6:50pm

I was using the v2 oauth endpoints. That’s incredibly broken if users can’t revoke access at all. And it’s been broken for 4-5 months?

system1 · May 2, 2019, 6:50pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.