From d896f65ceab0671e64945525a84af6ce389fdd1d Mon Sep 17 00:00:00 2001
From: Bryan Apellanes <63638027+bryanapellanes-okta@users.noreply.github.com>
Date: Fri, 15 Dec 2023 14:26:34 -0600
Subject: [PATCH] OKTA-641384: clear token from cache on call to
 oauth.clear_access_token() (#380)

fix oauth.clear_access_token()
 update changelog and version

---------

Co-authored-by: haggrip <hagai.eliaz@grip.security>
---
 CHANGELOG.md                                |  3 ++
 okta/__init__.py                            |  2 +-
 okta/oauth.py                               |  2 ++
 tests/unit/test_oauth_clear_access_token.py | 32 +++++++++++++++++++++
 4 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 tests/unit/test_oauth_clear_access_token.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22775864..62e430bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Okta Python SDK Changelog
 
+## 2.9.5
+* Clear access token from cache on call to OAuth.clear_access_token()
+
 ## 2.9.4
 * Add optional parameter to api_response.next() to include response object as a third tuple value. 
 
diff --git a/okta/__init__.py b/okta/__init__.py
index c3f8be5b..82c5fb16 100644
--- a/okta/__init__.py
+++ b/okta/__init__.py
@@ -1 +1 @@
-__version__ = '2.9.4'
+__version__ = '2.9.5'
diff --git a/okta/oauth.py b/okta/oauth.py
index 0c1755bc..0ff18923 100644
--- a/okta/oauth.py
+++ b/okta/oauth.py
@@ -90,3 +90,5 @@ def clear_access_token(self):
         Clear currently used OAuth access token, probably expired
         """
         self._access_token = None
+        self._request_executor._cache.delete("OKTA_ACCESS_TOKEN")
+        self._request_executor._default_headers.pop("Authorization", None)
diff --git a/tests/unit/test_oauth_clear_access_token.py b/tests/unit/test_oauth_clear_access_token.py
new file mode 100644
index 00000000..11af6c02
--- /dev/null
+++ b/tests/unit/test_oauth_clear_access_token.py
@@ -0,0 +1,32 @@
+from okta.oauth import OAuth
+
+"""
+Testing OAuth.clear_access_token
+"""
+class WasCalled:
+    def __init__(self):
+        self.value = False
+
+cache_delete_was_called = WasCalled
+headers_pop_was_called = WasCalled
+
+class mockCache:
+    def delete(token):
+        cache_delete_was_called.value = True
+
+class mockHeaders:
+    def pop(header, ignored):
+        headers_pop_was_called.value = True
+
+class mockRequestExecutor:
+    def __init__(self, cache):
+        self._cache = cache
+        self._default_headers = mockHeaders
+
+def test_oauth_clear_access_token():
+    _mockRequestExecutor = mockRequestExecutor(mockCache)
+    oauth = OAuth(_mockRequestExecutor, {})
+    oauth.clear_access_token()
+    assert cache_delete_was_called.value
+    assert headers_pop_was_called.value
+