Is the Personal Access Token provision working?
johnmee opened this issue · 2 comments
johnmee commented
Hello,
- Via https://api.up.com.au/getting_started I was previously issued a Personal Access Token, which is working.
- This weekend I attempted to invalidate the token and reissue the token without success. The old token continues to work.
- Further, my wife attempted to issue a token to her account without success.
- User support via the app directed us to this (time insensitive?) form of contact.
Q: Is the token revocation not working generally, or is this a single user issue?
Q: Is the token provision not working generally, or is this a single user issue?
To reproduce:
- (browser) In a browser (not on the mobile device) navigate to https://api.up.com.au/getting_started
- (app) In the app (on the mobile device) scan the QR code
- (app) Displays IP address and asks "confirm"
- (app) Press "confirm"
- (app) "access granted" with a button "Got it"
Expected:
- (browser) to display the new token
- (api) to reject old token
- (api) to accept new token
Observed:
- (browser) No change.
- (api) continues to accept old token
Reproduction is consistent. Browsers used were firefox 87.0 both with and without "privacy badger", with and without "incognito mode", also with Chromium 89.0.43893.114.