diff --git a/keystone/models/revoke_model.py b/keystone/models/revoke_model.py
index 79f008d0fe..53b0fd234a 100644
--- a/keystone/models/revoke_model.py
+++ b/keystone/models/revoke_model.py
@@ -111,7 +111,7 @@ class RevokeEvent(object):
 event['OS-TRUST:trust_id'] = self.trust_id
 if self.consumer_id is not None:
 event['OS-OAUTH1:consumer_id'] = self.consumer_id
- if self.consumer_id is not None:
+ if self.access_token_id is not None:
 event['OS-OAUTH1:access_token_id'] = self.access_token_id
 if self.expires_at is not None:
 event['expires_at'] = utils.isotime(self.expires_at)
diff --git a/keystone/tests/unit/test_v3_os_revoke.py b/keystone/tests/unit/test_v3_os_revoke.py
index 502fe1c9e1..b9aad2ddb4 100644
--- a/keystone/tests/unit/test_v3_os_revoke.py
+++ b/keystone/tests/unit/test_v3_os_revoke.py
@@ -145,3 +145,18 @@ class OSRevokeTests(test_v3.RestfulTestCase, test_v3.JsonHomeTestMixin):
 # Strip off the microseconds from `revoked_at`.
 self.assertTimestampEqual(utils.isotime(revoked_at),
 events[0]['revoked_at'])
+
+ def test_access_token_id_not_in_event(self):
+ ref = {'description': uuid.uuid4().hex}
+ resp = self.post('/OS-OAUTH1/consumers', body={'consumer': ref})
+ consumer_id = resp.result['consumer']['id']
+ self.oauth_api.delete_consumer(consumer_id)
+
+ resp = self.get('/OS-REVOKE/events')
+ events = resp.json_body['events']
+ self.assertThat(events, matchers.HasLength(1))
+ event = events[0]
+ self.assertEqual(consumer_id, event['OS-OAUTH1:consumer_id'])
+ # `OS-OAUTH1:access_token_id` is None and won't be returned to
+ # end user.
+ self.assertNotIn('OS-OAUTH1:access_token_id', event)
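Review bot: The optional fields in this serializer are still written as hand-copied `if self.X is not None:` / `event[...] = self.X` pairs, which is the layout that let the guard and the assignment name different attributes. Driving the optional keys from one table keeps the two bound together, e.g. `for key, attr in optional_fields:` then `value = getattr(self, attr)` and `if value is not None: event[key] = value` (`optional_fields` is a constructed name). Presumably consumers of the revocation list use these keys to decide which tokens an event covers, so a dropped or spurious key changes the event's scope. The method starts and ends outside this hunk, so the remaining pairs could not be checked from here.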
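Review bot: `test_access_token_id_not_in_event` pins only the case where `access_token_id` is None. The other direction of the old guard is not covered: an event with `access_token_id` set and `consumer_id` None was serialized without the token id. A companion test should build or trigger such an event and check `self.assertIn('OS-OAUTH1:access_token_id', event)` together with `self.assertNotIn('OS-OAUTH1:consumer_id', event)`. Without it, a regression that drops the access-token id from the revocation list would still pass this suite. `matchers.HasLength(1)` also assumes no other revocation event exists when the test runs, which a one-line comment on that assertion would make explicit.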