BUG#AC-9337:Revoking or invalidating previous access tokens upon generating new access token

Author: Rachana

app/code/Magento/Integration/Api/TokenManager.php

@@ -94,4 +94,15 @@ public function revokeFor(UserContextInterface $userContext): void
     {
         $this->tokenRevoker->revokeFor($userContext);
     }
+
+    /**
+     * Revoke  previously issued tokens for given user.
+     *
+     * @param UserContextInterface $userContext
+     * @return void
+     */
+    public function revokeForOld(UserContextInterface $userContext): void
+    {
+        $this->tokenRevoker->revokeForOld($userContext);
+    }
 }

app/code/Magento/Integration/Model/CustomerTokenService.php

@@ -77,7 +77,8 @@ public function createCustomerAccessToken($username, $password)
             CustomUserContext::USER_TYPE_CUSTOMER
         );
         $params = $this->tokenManager->createUserTokenParameters();
-        $this->revokeCustomerAccessToken($customerDataObject->getId());
+        $this->revokeCustomerAccessTokenOld($customerDataObject->getId());
+
         return $this->tokenManager->create($context, $params);
     }
 
@@ -114,4 +115,23 @@ private function getRequestThrottler()
         }
         return $this->requestThrottler;
     }
+
+    /**
+     * Revoke old token by customer id.
+     *
+     * @param int $customerId
+     * @return bool
+     * @throws \Magento\Framework\Exception\LocalizedException
+     */
+    public function revokeCustomerAccessTokenOld($customerId)
+    {
+        try {
+            $this->tokenManager->revokeForOld(
+                new CustomUserContext((int)$customerId, CustomUserContext::USER_TYPE_CUSTOMER)
+            );
+        } catch (UserTokenException $exception) {
+            throw new LocalizedException(__('Failed to revoke customer\'s access tokens'), $exception);
+        }
+        return true;
+    }
 }

app/code/Magento/JwtUserToken/Model/Revoker.php

@@ -33,6 +33,17 @@ public function __construct(RevokedRepositoryInterface $revokedRepo)
      * @inheritDoc
      */
     public function revokeFor(UserContextInterface $userContext): void
+    {
+        //Invalidating all tokens issued before current datetime.
+        $this->revokedRepo->saveRevoked(
+            new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time())
+        );
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function revokeForOld(UserContextInterface $userContext): void
     {
         //Invalidating all tokens issued before current datetime.
         $this->revokedRepo->saveRevoked(