wso2 api manager revoke tokens for specific user or application
NickName:user1563721 Ask DateTime:2018-02-23T06:31:12

In WSO2 API Manager there is a Token API that can be used by clients to revoke specific tokens. This is for applications to handle token revocations during logout etc.

But how do I revoke all tokens for a specific user when I do not want to let the user use the API anymore? For example, when I have removed the user account from my service.

Is there any API that can be called from a third-party application to API Manager with the information that the user is removed and therefore API Manager should invalidate the user's tokens?

Copyright Notice:Content Author:「user1563721」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/48938296/wso2-api-manager-revoke-tokens-for-specific-user-or-application

Answers
menaka_ 2018-02-23T07:55:20

In WSO2 API Manager, the access token is generated for an Application. When a user is going to use an API, he/she first needs to subscribe to that API by creating an application for that particular API.

So, if you need to revoke a particular token, you should do it for the application. The Token API of the WSO2 API Manager provides a method to revoke the token.

    curl -k -v -d "token=<ACCESS_TOKEN_TO_BE_REVOKED>" -H "Authorization: Basic <base64 encoded (clientId:clientSecret of the application)>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/revoke

AFAIK, there is no straightforward option to remove the keys for a particular user, as users are subscribed to APIs via Applications.

However, you could do it by deleting the database entry for that particular user in the IDN_OAUTH2_ACCESS_TOKEN table, where all the access token information is stored.

For more information on the Token API, please refer to the following documentation.

https://docs.wso2.com/display/AM210/Token+API
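The revoke call from the answer above, wrapped so that a service removing an account can revoke each token it holds for that user, application by application. This is an added example, not part of the original answer or WSO2's code; it assumes the calling service has recorded the user's tokens per application, and `build_revoke_request`, `revoke_user_tokens` and the argument names are hypothetical.

```python
import base64
import ssl
import urllib.parse
import urllib.request

REVOKE_URL = "https://localhost:8243/revoke"  # endpoint used in the answer's curl command


def build_revoke_request(token, client_id, client_secret, url=REVOKE_URL):
    """Build the same POST as the curl command, for one token of one application."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode escapes characters such as '+' or '/' that a raw -d value would not.
    body = urllib.parse.urlencode({"token": token}).encode()
    headers = {
        "Authorization": "Basic " + creds,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def _https_post(req):
    # Verifies the gateway certificate, unlike curl -k.
    ctx = ssl.create_default_context()
    return urllib.request.urlopen(req, timeout=10, context=ctx)


def revoke_user_tokens(tokens_by_app, app_secrets, send=_https_post):
    """Revoke every recorded token of a removed user.

    tokens_by_app: {client_id: [token, ...]} recorded by the calling service (assumption).
    app_secrets:   {client_id: client_secret}.
    Returns the tokens that could not be revoked, so the caller can retry or alert.
    """
    failed = []
    for client_id, tokens in tokens_by_app.items():
        for token in tokens:
            req = build_revoke_request(token, client_id, app_secrets[client_id])
            try:
                with send(req) as resp:
                    if resp.status != 200:
                        failed.append(token)
            except OSError:  # covers URLError/HTTPError and socket errors
                failed.append(token)
    return failed
```
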

