Hello, I noticed that I can't seem to revoke/delete an oauth token via the API. I am using an authorization token with full access.
I try:
curl https://$ZENDESK_SUBDOMAIN.zendesk.com/api/v2/oauth/tokens.json -v -u $ZENDESK_EMAIL/token:$ZENDESK_API_TOKEN And I get a page of results like
{"tokens":[{"url":"https://xyz.zendesk.com/api/v2/oauth/tokens/1234567890.json","id":1234567890,...If I then do:
curl https://$ZENDESK_SUBDOMAIN.zendesk.com/api/v2/oauth/tokens/1234567890 -v -u $ZENDESK_EMAIL/token:$ZENDESK_API_TOKENI get
{"error":"RecordNotFound","description":"Not found"}I tried using the OAuth Client page in the admin, found the token I was interested in by paging through lots of pages manually (you need a better UI on the Oauth Client > View Tokens page), but I found it, and tried to delete from there. It did not delete there, either, I also got a 404
I tried another token and was able to get it. I didn't want to actually delete it, so I just retreived it, but I did not get a 404 in that case.
I don't think it's a scope/permissions issue, surely I should be able to do this from the Zendesk admin. And as I said, the token being used to authorize the call should have full access. It was generated with the API Token toll in the admin, which doesn't even seem to have options for restrictions on scopes.
My only thought is that maybe this token is already revoked, and weirdly a “get several” call will include it, but a “get by single id” call will 404. Am I close? If at all, is there any way to tell that tokens returned by the page are revoked or not?
This is an issue that I haven't run into before, so I have some questions to help me see what may be going on. Based on the information you provided, I'm almost 100% certain that you're doing this correctly, but I just want to clarify...when you're making the API calls to view and delete the tokens, you are using the id parameter and not the actual token itself, right? It seems like you are, this is just an area where I have found people running into issues before and want to make sure that's all good.
You mentioned that you were able to retrieve another token that you successfully deleted, which shouldn't be possible. Do you mean that you regenerated a new token? If not, could you provide some more details on how you retrieved this?
The next question is regarding the admin center 404 that you received. When you're looking at the OAuth tokens, is your user profile listed under "Created by" or is it another admin?