diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py
index a001e6b16d..48691b614c 100644
--- a/keystone/assignment/core.py
+++ b/keystone/assignment/core.py
@@ -381,7 +381,10 @@ class Manager(manager.Manager):
 
         self.driver.remove_role_from_user_and_project(user_id, project_id,
                                                       role_id)
-        self.identity_api.emit_invalidate_user_token_persistence(user_id)
+        if project_id:
+            self._emit_invalidate_grant_token_persistence(user_id, project_id)
+        else:
+            self.identity_api.emit_invalidate_user_token_persistence(user_id)
         self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
                                         project_id=project_id)
 
diff --git a/keystone/tests/unit/test_auth.py b/keystone/tests/unit/test_auth.py
index f8a2cdf8ef..b288e48850 100644
--- a/keystone/tests/unit/test_auth.py
+++ b/keystone/tests/unit/test_auth.py
@@ -489,14 +489,7 @@ class AuthWithToken(AuthTest):
             self.user_foo['id'], project['id'], role['id'])
 
         # Ensure it is still valid
-        # FIXME(dolph): Due to bug 1488208, the unscoped token is actually
-        # invalid. The assertRaises() should be removed and the token should
-        # validate without error.
-        self.assertRaises(
-            exception.TokenNotFound,
-            self.controller.validate_token,
-            admin_context,
-            token_id=token_id)
+        self.controller.validate_token(admin_context, token_id=token_id)
 
     def test_only_original_audit_id_is_kept(self):
         context = {}
@@ -1212,18 +1205,11 @@ class AuthWithTrust(AuthTest):
                           self.controller.authenticate, {}, request_body)
 
         unscoped_token = self.get_unscoped_token(self.trustor['name'])
-        # FIXME(dolph): Due to bug 1488208, this token is already "revoked,"
-        # even though we just created it. Further, this token should be valid
-        # because we've only revoked role assignments (we haven't done anything
-        # that should affect unscoped tokens). The code commented out after the
-        # assertRaises should be restored when this bug is fixed.
-        self.assertRaises(
-            exception.TokenNotFound,
-            self._create_auth_context,
+        context = self._create_auth_context(
             unscoped_token['access']['token']['id'])
-        # trust = self.trust_controller.get_trust(context,
-        #                                         new_trust['id'])['trust']
-        # self.assertEqual(3, trust['remaining_uses'])
+        trust = self.trust_controller.get_trust(context,
+                                                new_trust['id'])['trust']
+        self.assertEqual(3, trust['remaining_uses'])
 
     def test_v2_trust_token_contains_trustor_user_id_and_impersonation(self):
         new_trust = self.create_trust(self.sample_data, self.trustor['name'])