GoogleWebComponents
Revoking token does not clear AuthEngine-cache?
It seems like that after revoking an access-token via API or Account-Settings the AuthEngine does not register all tokens as revoked and does not request them again. Steps to reproduce :
-
Click on this button :
<google-signin id="googleSigninTest" id="signIn" client-id="your-id" scopes="https://www.googleapis.com/auth/contacts.readonly"></google-signin> -
Goto https://security.google.com/settings/security/permissions?pli=1 and revoke the token (or revoke it via the Google API)
-
Reload the signin-page
Expected output : "Sign in"-button visible & on calling this.$.signIn.signIn() contacts.readonly gets requested again.
Real output : "Sign out"-button visible & on calling this.$.signIn.signIn() contacts.readonly does not get requested again. Only after waiting some time it recognizes the change.
Is there some way to disable this kind of caching or force a refresh of the cache?
