There are two methods available for revoking oauth tokens based on API documentation:
https://developer.zendesk.com/api-reference/ticketing/oauth/oauth_tokens/#revoke-token
However, we were able to revoke tokens only using first endpoint:
DELETE /api/v2/oauth/tokens/{oauth_token_id}
While revoking tokens using:
DELETE /api/v2/oauth/tokens/current.json
didn't work. Response we get in both cases were exactly same.
Also one additional thing we noticed is that if user generate one oauth token(go over oauth flow), and if after that user generate one more token, first token is not revoked, and it is not showing in UI.
So only after we revoke latest token, older one will appear in UI.
Not sure if this is desired behavior or bug(I think after new token is issued old one should become invalid).
Issues with revoking oauth tokens for Zendesk Support
Hi Ivica! My first questions here would be:
- Are you authenticating that request with the OAuth token you want to revoke?
- If so, does it have full write-access scoping associated with it?
Regarding the UI issue that you mentioned, I think that what is happening here is that you're expecting to see the client secret returned on the /tokens endpoint. If you revoke the token, it it does not regenerate a new client secret, which is why nothing is updated in the UI. If you want to see the associated client secret, you need to make a call to `/api/v2/oauth/clients`.
If you're referring to something else in the second part, could you take a screenshot (obscure sensitive data) of where you're looking in the Admin Center, as well as the request that you're making?
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.