Comment 8 for bug 1590805

Lance, it was not Project role assignment but Domain role assignment to a Group. Here the updated steps with REST commands.

1.) Get a token scoped to the default domain with my admin user
2.) Create a new group under the default domain (POST /v3/groups)
3.) Assign admin role to this group on domain ( PUT /v3/domains/default/groups/{group_id}/roles/{admin_role_id} )
4.) Revoke admin role from this group ( DELETE /v3/domains/default/groups/{group_id}/roles{admin_role_id}
5.) Now token generated in Step 1 will be invalid.