Tags: jwt, wso2, token, wso2-api-manager, wso2-identity-server

Previous token is revoked when token endpoint is called even before token expiry


Called the API Manager token endpoint from an application, got the token and invoked the API. The next token call, made before token 1 had expired, revoked token 1 and generated a new token. Shouldn't it send token 1 rather than a new token?

The 2nd token call revoked the 1st token and generated a new token. Even if it generated a new token, token 1 should be active because the token had not expired.


Solution

  • This is the design of JWT tokens: at a given time, there will always be one active token for a given client ID/secret pair.

    That's why, whenever you request a new token, token 1 is revoked. If you use opaque tokens, this is different: the same token is sent during the lifetime of that token, irrespective of the number of token calls.

    The difference between JWT and opaque tokens is that, since JWT tokens are large (with additional claims), only the JTI value is persisted in the database, compared to opaque tokens, where the entire token is persisted. Because of this, the KM cannot generate the same JWT twice, and that's why the KM does not send the same token even though the previous token was valid. This issue was not present with opaque tokens.

    Edit:

    You can achieve this same-client-ID/secret-with-multiple-tokens use case by using device scopes (or any other scopes). The difference is:

    1. If the scopes and the client ID/secret are the same in both token calls, the 1st token will be revoked by the 2nd call.
    2. If the scopes are different, the 2nd token will be generated with the different scopes without revoking the 1st token.
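The behaviour the answer describes (one active JWT per client ID/secret and scope set, a previous JWT revoked on the next call with the same scopes, a second token kept alive when the scopes differ, and an opaque token re-sent unchanged until it expires) can be reproduced offline with the small key-manager model below. This is an added example written for this page, not WSO2 code: the store keyed by JTI, the HS256 signing with a fixed key (a stand-in for the key manager's own signing), the `app1`/`secret1` client and the `device_x` scope are all constructed for the illustration. `introspect` plays the role of the introspection endpoint and looks the JTI up in the store, which is why the old JWT shows `active: False` even though its `exp` claim is still in the future.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


@dataclass
class TokenRecord:
    """What the simulated key manager persists per token."""
    jti: str
    client_id: str
    scopes: FrozenSet[str]
    expires_at: int
    active: bool = True
    opaque_token: Optional[str] = None  # whole token persisted only in opaque mode


class KeyManagerSim:
    """Toy key manager (constructed for this example; not WSO2's implementation)."""

    def __init__(self, token_type: str = "JWT", lifetime: int = 3600,
                 hs_key: bytes = b"example-signing-key"):
        self.token_type = token_type
        self.lifetime = lifetime
        self.hs_key = hs_key
        self.records: Dict[str, TokenRecord] = {}       # keyed by JTI (JWT) or token value (opaque)
        self.clients = {"app1": "secret1"}              # constructed client credentials

    def _live(self, client_id: str, scopes: FrozenSet[str], now: int) -> List[TokenRecord]:
        return [r for r in self.records.values()
                if r.active and r.client_id == client_id and r.scopes == scopes and r.expires_at > now]

    def issue(self, client_id: str, client_secret: str, scopes, now: Optional[int] = None) -> str:
        if self.clients.get(client_id) != client_secret:
            raise PermissionError("invalid_client")
        now = int(time.time() if now is None else now)
        scopes = frozenset(scopes)
        live = self._live(client_id, scopes, now)
        if self.token_type == "OPAQUE":
            if live:                                     # same opaque token re-sent until it expires
                return live[0].opaque_token
            token = secrets.token_urlsafe(32)
            self.records[token] = TokenRecord(token, client_id, scopes, now + self.lifetime, opaque_token=token)
            return token
        for rec in live:                                 # JWT: revoke the previous token for this client + scope set
            rec.active = False
        jti = secrets.token_hex(16)
        header = {"alg": "HS256", "typ": "JWT"}
        payload = {"sub": client_id, "jti": jti, "scope": " ".join(sorted(scopes)),
                   "iat": now, "exp": now + self.lifetime}
        signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
        sig = hmac.new(self.hs_key, signing_input.encode(), hashlib.sha256).digest()
        self.records[jti] = TokenRecord(jti, client_id, scopes, payload["exp"])  # only the JTI is persisted
        return signing_input + "." + b64url(sig)

    def introspect(self, token: str, now: Optional[int] = None) -> dict:
        now = int(time.time() if now is None else now)
        if self.token_type == "OPAQUE":
            rec = self.records.get(token)
        else:
            try:
                h, p, s = token.split(".")
                expected = hmac.new(self.hs_key, f"{h}.{p}".encode(), hashlib.sha256).digest()
                if not hmac.compare_digest(expected, b64url_decode(s)):
                    return {"active": False}           # bad signature: never consult the store
                rec = self.records.get(json.loads(b64url_decode(p))["jti"])
            except (ValueError, KeyError):
                return {"active": False}
        if rec is None or not rec.active or rec.expires_at <= now:
            return {"active": False}
        return {"active": True, "client_id": rec.client_id,
                "scope": " ".join(sorted(rec.scopes)), "exp": rec.expires_at}


def demo() -> dict:
    """Replays the three cases from the answer with a fixed clock; returns the introspection outcomes."""
    now = 1_700_000_000
    km = KeyManagerSim("JWT")
    t1 = km.issue("app1", "secret1", ["default"], now)
    t2 = km.issue("app1", "secret1", ["default"], now + 10)    # same scopes: t1 is revoked
    t3 = km.issue("app1", "secret1", ["device_x"], now + 20)   # different scopes: t2 stays active
    opaque = KeyManagerSim("OPAQUE")
    o1 = opaque.issue("app1", "secret1", ["default"], now)
    o2 = opaque.issue("app1", "secret1", ["default"], now + 10)
    return {
        "t1_active_after_same_scope_call": km.introspect(t1, now + 30)["active"],
        "t2_active_after_different_scope_call": km.introspect(t2, now + 30)["active"],
        "t3_active": km.introspect(t3, now + 30)["active"],
        "jwt_tokens_differ": t1 != t2,
        "opaque_same_token_returned": o1 == o2,
        "opaque_active": opaque.introspect(o1, now + 30)["active"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note the practical consequence for a client that caches tokens: in JWT mode a second instance of the same application requesting a token with the same scopes silently invalidates the first instance's token, so either share one token between instances or give each its own scope, as the answer suggests.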