Since the client grant doesn't support transparent reauthentication if a token has expired, I'm looking into handling it myself. I currently get tokens that are valid for 24h. Is there a way to invalidate a token, so the next API request would act as if a token has expired normally? I was looking at the token API, and called
DELETE /api/v2/tokens/me
In my test, the next operation I'm running is HEAD /api/v2/tokens. It threw an ApiException as expected, but it has an empty ErrorContent.
When I run any other operation, even on the tokens API (e.g. GET /api/v2/tokens/me), I'm getting something along these lines as ErrorContent
{"message":"No authentication bearer token specified in authorization header.","code":"authentication.required","status":401,"contextId":"461652bf-89b0-4db6-9d99-32bf0fb36577","details":[],"errors":[]}
If I modify the access token, I'm getting the same behavior. Why is there no structured error from the token verification API?
Your app should just look for a 401 response from any API request. All endpoints (that require authorization) will return a 401 when the auth token isn't valid for any reason. Expired tokens, malformed tokens, and missing tokens are all treated the same: 401 unauthorized.
Only successful responses are deserialized in the SDKs. You can use the extended variety of the functions to inspect the raw response body and deserialize it to ErrorBody. In your case, the function would be HeadTokensMeWithHttpInfo().
There's no body, just headers. So regardless of whether you call 'HeadTokensMe' or 'HeadTokensMeWithHttpInfo', if you have no or an invalid token, the ApiException's ErrorContent will be empty.
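The handling discussed in this thread, as an added example that is not from any poster or from the SDK: reauthenticate on the 401 status alone, since a HEAD response carries no error body, and retry exactly once so bad client credentials cannot cause a loop. It is written in Python against a stand-in transport; `AuthRetryClient`, `FakeApi`, `Response` and `error_code` are hypothetical names, and the fake API's success status and token values are constructed.

```python
import json
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    body: str = ""

def error_code(resp):
    """'code' field of an error body, or None when the body is empty or not JSON."""
    try:
        return json.loads(resp.body).get("code") if resp.body else None
    except (ValueError, AttributeError):
        return None

class AuthRetryClient:
    """send(method, path, token) -> Response and fetch_token() -> str come from the caller."""
    def __init__(self, send, fetch_token):
        self._send, self._fetch_token = send, fetch_token
        self._token = None
        self.login_count = 0

    def _login(self):
        self._token = self._fetch_token()  # e.g. a client credentials grant
        self.login_count += 1

    def request(self, method, path):
        if self._token is None:
            self._login()
        resp = self._send(method, path, self._token)
        if resp.status == 401:  # status only: HEAD gives no body to inspect
            self._login()
            resp = self._send(method, path, self._token)  # single retry, then give up
        return resp

class FakeApi:
    """Constructed stand-in: 401 for any token it does not know, bodiless on HEAD."""
    def __init__(self):
        self.live, self.issued = set(), 0

    def issue(self):
        self.issued += 1
        self.live.add(f"tok-{self.issued}")
        return f"tok-{self.issued}"

    def send(self, method, path, token):
        if token not in self.live:
            err = {"code": "authentication.required", "status": 401}
            return Response(401, "" if method == "HEAD" else json.dumps(err))
        if method == "DELETE" and path == "/api/v2/tokens/me":
            self.live.discard(token)  # invalidates the caller's own token
        return Response(200)
```

If the retried request still returns 401, the response is handed back to the caller unchanged, which is the signal that the credentials themselves are being rejected.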