For token revocation testing - allow the tester to select which access token they are testing #394
Labels
feature-improvement
This is a new feature or improvement to be added to Inferno
Comments
|
We agree that this could be improved and are considering various options. |
yunwwang
added
feature-improvement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When doing g10 testing, there are two tokens issues to patient apps:
Later, when demonstrating token revocation (step 9.3), Inferno assumes and pre-populates the token from step 1. However, systems may have revoked that token already when issuing the limited access app token (from what I can tell, auth servers are not prohibited from revoking access tokens if a subsequent auth code flow issues a more restricted token).
It would be useful if Inferno let the user select which of the two access tokens should be used when performing the revocation test.
There is a workaround, where the user can just re-run step 1 to stage the token for revocation testing, but that is a little awkward in the overall testing flow.
The text was updated successfully, but these errors were encountered: