Re-authenticating through Oauth grants access to all previously connected Jira instances.
Here’s the steps I took to reproduce:
-
Auth to jira instance 1
-
Auth to jira instance 2
-
Check that my oauth token has access to both jira instances
-
Remove access to the app (from Atlassian account)
-
Check that the oauth token has no access to any jira instances
-
Auth to jira instance 1
-
Check and see that the oauth token still has access to both instances
-
Try refreshing the token
-
Check and see that refreshed token still has access to both instances
Is this expected behavior?
If so, is there any way to either revoke access or generate a new oauth token such that it only has access to the first instance?