API: Managing access_tokens and refresh_tokens

I am building an app for my own company which is going to use the API to enhance our use of Podio. I would prefer to tightly manage the tokens and therefore I have some questions which I could not find an answer for in the documentation. If my app obtains 60 tokens during a 30-second window for the same user account, does the Podio OAuth 2.0 server then:

(1) Automatically revoke any prior issued tokens so only the newest one is active?

(2a) If no to (1) does it make it possible to request a list of all active tokens?
(2b) If no to (1) does it make it possible to revoke any given token?

If the answer to (2) is yes, I would like to know how, or alternatively be pointed towards a resource that can tell me how to do this.

Thank you in advance.

David

4 comments

Thank you, Brian.

Just to be clear: the `/oauth/token/invalidate` invalidates all active tokens for the currently logged-in user. So it is not possible to invalidate specific tokens?

David 0 votes

Hi David,

The wording in the docs is a little unclear, but a simple test should verify that it only invalidates the bearer token given in the request.

/Brian

Brian Stengaard 0 votes