diff --git a/common/api.py b/common/api.py
index cea6e9b0..ed4f75a4 100644
--- a/common/api.py
+++ b/common/api.py
@@ -23,6 +23,9 @@ class OAuthAccessTokenAuth(HttpBearer):
 if not tk:
 logger.debug("API auth: access token not found")
 return False
+ if tk.revoked:
+ logger.debug("API auth: access token revoked")
+ return False
 request_scope = ""
 request_method = request.method
 if request_method in PERMITTED_READ_METHODS:
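Review bot: The rejection of a revoked token is logged only at debug level (`logger.debug("API auth: access token revoked")`), so a deployment that logs above DEBUG records nothing when a revoked credential is presented again. Unlike a token that is simply not found, reuse of a revoked token can mean a leaked credential is still in circulation, so it is worth `logger.warning("API auth: revoked access token presented")`, keeping the token value itself out of the message. The enclosing method starts and continues outside the hunk, so whether token expiry is checked elsewhere cannot be seen from here; if it is not, that check belongs next to this one.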