Here is what I've done to try and recreate this bug.
1.) Get a token scoped to the default domain with my admin user
2.) Create a new group under the default domain
3.) Create a new project under the default domain
4.) Assign the new group the admin role on the new project
5.) Confirm that the token from step 1 is still valid using the validate token API
6.) Remove the admin role from new group on the new project
7.) Confirm that the token from step 1 is still valid using the validate token API
I was able to successfully validate the token from step 1 in both steps 5 and 7.
Niranjana, is there anything different about how I've set things up or recreated the bug compared to what you have locally?
Here is what I've done to try and recreate this bug.
1.) Get a token scoped to the default domain with my admin user
2.) Create a new group under the default domain
3.) Create a new project under the default domain
4.) Assign the new group the admin role on the new project
5.) Confirm that the token from step 1 is still valid using the validate token API
6.) Remove the admin role from new group on the new project
7.) Confirm that the token from step 1 is still valid using the validate token API
I was able to successfully validate the token from step 1 in both steps 5 and 7.
Niranjana, is there anything different about how I've set things up or recreated the bug compared to what you have locally?