Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14059

Inconsistent behavior while revoking stateful v/s stateless refresh tokens

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.0.0.5
    • Fix Version/s: 6.5.2, 7.0.0
    • Component/s: oauth2
    • Labels:
    • Target Version/s:
    • Sprint:
      2019.4 - Coins, 2019.5 - Scissors

      Description

      Bug description

      Inconsistent behavior while revoking stateful v/s stateless refresh tokens. 

      How to reproduce the issue

      Revoke stateful refresh token

      1. Acquire stateful access and refresh tokens using any OAuth grant : accesstoken1 and refreshtoken1
      2. Refresh accesstoken1 using refreshtoken1, accesstoken2 and refreshtoken2 are issued
      3. Revoke refreshtoken1
      4. There is no impact on refreshtoken2 

      Revoke stateless refresh token

      1. Acquire stateless access and refresh tokens using any OAuth grant : accesstoken1 and refreshtoken1
      2. Refresh accesstoken1 using refreshtoken1, accesstoken2 and refreshtoken2 are issued
      3. Revoke refreshtoken1
      4. refreshtoken2 is also revoked
      Expected behaviour
      Revoking stateless refreshtoken1 should have no impact on refreshtoken2
      Current behaviour
      Revoking stateless refreshtoken1 also revokes refreshtoken2

       

      This may be related to OPENAM-13047

       

        Attachments

          Activity

            People

            • Assignee:
              kajetan.hemzaczek Kajetan Hemzaczek
              Reporter:
              charan.mann Charan Mann
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: