Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revoking token does not clear AuthEngine-cache? #125

Open
Compufreak345 opened this issue Feb 21, 2016 · 0 comments
Open

Revoking token does not clear AuthEngine-cache? #125

Compufreak345 opened this issue Feb 21, 2016 · 0 comments
Assignees
@addyosmani

Comments

@Compufreak345
Copy link

It seems like that after revoking an access-token via API or Account-Settings the AuthEngine does not register all tokens as revoked and does not request them again. Steps to reproduce :

  1. Click on this button :
    <google-signin id="googleSigninTest" id="signIn" client-id="your-id" scopes="https://www.googleapis.com/auth/contacts.readonly"></google-signin>

  2. Goto https://security.google.com/settings/security/permissions?pli=1 and revoke the token (or revoke it via the Google API)

  3. Reload the signin-page

Expected output :
"Sign in"-button visible & on calling this.$.signIn.signIn() contacts.readonly gets requested again.

Real output :
"Sign out"-button visible & on calling this.$.signIn.signIn() contacts.readonly does not get requested again. Only after waiting some time it recognizes the change.

Is there some way to disable this kind of caching or force a refresh of the cache?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@addyosmani addyosmani

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@addyosmani @Compufreak345