An OAuth client is created when an application access token is generated. When a subscriber creates an application and generates an access token to the application using the API Store, the Store makes a call to the API Gateway, which in turn connects with the Key Manager to create an OAuth client and obtain an access token. Similarly, to validate a token, the API Gateway calls the Key Manager, which fetches and validates the token details from the database.
You can revoke the access tokens issued for the application by following the instructions below
- Log in to the management console (
https://<HostName>:9443/carbon) - In the Main menu, click Service Providers.
- Select the Service Provider and click Edit.
- Expand the Inbound Authentication Configurations section and select OAuth/OpenID Configuration
You can revoke/deactivate the OAuth application by clicking Revoke. This will revoke all the tokens given for the application.
Info After an OAuth application is revoked, the consumer secret and all the generated access tokens and authorization codes will be invalid. You will not be able to regenerate access tokens in the API store or using the Token API.
Note To re-activate the application, the consumer secret must be regenerated as shown in the next step
To regenerate the secret of the OAuth Application, click Regenerate Secret.
Info You have to generate new access tokens and authorization codes for the OAuth application through the API Store or using the Token API after regenerating the consumer secret.