WSO2 Identity Server implements OAuth 2.0 token revocation as defined in the OAuth 2.0 Token Revocation specification (RFC 7009). Two endpoints are exposed as a result of the token revocation feature:
- REST endpoint at /oauth2/revoke
- SOAP endpoint at /services/OAuthAdminService with operation revokeAuthzForAppsByResourceOwner
...
```bash
curl -X POST --basic -u "4xTplVAiQEwrBF6wYSW3cpyqYDoa:GREoG5f80kmg7uHNed2YwfJSxlQa" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "token=d23e96c9bf2818fe5b4db0f8dbe829bb&token_type_hint=access_token" https://localhost:9443/oauth2/revoke
```
The -u value is the client's consumer key and consumer secret, sent as HTTP Basic client credentials; RFC 7009 requires the client to authenticate and only allows it to revoke tokens that were issued to it. The -k option disables TLS certificate verification and is only acceptable against the default self-signed certificate of a local test instance. The token parameter can be an access token or a refresh token. The token_type_hint parameter is optional and takes either access_token or refresh_token. The Identity Server uses the hint to speed up the lookup: it first searches the set of tokens the client names, and if the token is not found there it searches the other set (refresh_token or access_token), so a wrong hint does not cause the request to fail. As the specification requires, the endpoint responds with HTTP 200 whether or not the token was found, so it cannot be used to probe which token values are live, and revoking a refresh token also invalidates the access tokens issued under the same authorization grant.
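The lookup order and response rules described above, modelled in Python as an added example. This is not WSO2 Identity Server code: the in-memory store, the token strings and the client ids are constructed sample data, and the error code returned when a client tries to revoke another client's token is this example's choice (RFC 7009 only says the request must be refused).

```python
"""Model of an RFC 7009 revocation endpoint (added example, not WSO2 code).
Shows the token_type_hint-first lookup with fallback to the other token set,
the client-ownership check and the always-200 response for unknown tokens.
All client ids and token strings are constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Token:
    client_id: str   # client the token was issued to
    grant_id: str    # authorization grant; links an access token to its refresh token
    revoked: bool = False


@dataclass
class TokenStore:
    access: dict[str, Token] = field(default_factory=dict)
    refresh: dict[str, Token] = field(default_factory=dict)

    def table(self, kind: str) -> dict[str, Token]:
        return self.access if kind == "access_token" else self.refresh


def find_token(store: TokenStore, value: str, hint: str | None):
    """Look in the hinted set first, then in the other one (RFC 7009 section 2.1).
    Returns (kind, token), or (None, None) when the value is unknown in both sets."""
    order = ["access_token", "refresh_token"]
    if hint == "refresh_token":
        order.reverse()
    for kind in order:
        token = store.table(kind).get(value)
        if token is not None:
            return kind, token
    return None, None


def revoke(store: TokenStore, client_id: str, value: str, hint: str | None = None):
    """Handle one authenticated POST /oauth2/revoke; returns (http_status, json_body).
    client_id is the client that authenticated with HTTP Basic credentials."""
    if hint not in (None, "access_token", "refresh_token"):
        return 400, {"error": "unsupported_token_type"}   # RFC 7009 section 2.2.1
    kind, token = find_token(store, value, hint)
    if token is None:
        # Unknown (or already purged) token: 200 with an empty body, so the endpoint
        # does not reveal which token strings exist (RFC 7009 section 2.2).
        return 200, {}
    if token.client_id != client_id:
        # A client may only revoke its own tokens. The spec says refuse the request;
        # the exact error code is this example's choice.
        return 400, {"error": "invalid_request"}
    token.revoked = True
    if kind == "refresh_token":
        # Revoking a refresh token also invalidates access tokens from the same grant.
        for access_token in store.access.values():
            if access_token.grant_id == token.grant_id:
                access_token.revoked = True
    return 200, {}


def sample_store() -> TokenStore:
    """Constructed sample data: client A holds grant-1 (access + refresh) and
    grant-2 (access only); client B holds grant-3."""
    store = TokenStore()
    a, b = "4xTplVAiQEwrBF6wYSW3cpyqYDoa", "someOtherClientId"
    store.access["acc-a1"] = Token(a, "grant-1")
    store.refresh["ref-a1"] = Token(a, "grant-1")
    store.access["acc-a2"] = Token(a, "grant-2")
    store.access["acc-b1"] = Token(b, "grant-3")
    return store


if __name__ == "__main__":
    s = sample_store()
    a = "4xTplVAiQEwrBF6wYSW3cpyqYDoa"
    print(revoke(s, a, "acc-a2", "refresh_token"))   # wrong hint, token still found
    print(revoke(s, a, "ref-a1"))                    # cascades to acc-a1
    print(revoke(s, a, "acc-b1", "access_token"))    # another client's token: refused
    print(revoke(s, a, "no-such-token"))             # unknown token: still 200
```

The fallback in find_token is what makes a wrong token_type_hint harmless, and the shared grant_id is what lets a refresh-token revocation take the associated access token down with it.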
The SOAP endpoint, on the other hand, lets resource owners interact directly with the authorization server and revoke the authorization grants of applications they previously granted access to, without the OAuth 2.0 application/client acting as an intermediary. The WSO2 Identity Server dashboard demonstrates the use of this SOAP endpoint: under Authorized Apps, resource owners can log in and revoke an application's authorization.
- Go to the dashboard URL: https://localhost:9443/dashboard/.
- Click the Login button.
- Enter your username and password and click the Sign In button. The dashboard appears.
- Click the View details button to access the components.
...
- Once you have logged in, click View details under Authorized Apps. The Authorized Apps page appears, listing the applications the user has authorized.
The Authorized Apps page indicates that the user has granted authorization to the application ‘travelocity’ created by user ‘admin’.
The token revocation endpoint also supports the CORS (Cross-Origin Resource Sharing) specification and JSONP (JSON with Padding, also called Remote JSON).
...
You can find this webapp at <WSO2_IS_HOME>/repository/deployment/server/webapps/oauth2.war. Rather than editing the web.xml directly in the deployed directory, it is easier to copy the oauth2.war file to another location, edit its web.xml, and copy it back into the webapps folder, where it is hot deployed.
...
```bash
curl -X POST --basic -u "4xTplVAiQEwrBF6wYSW3cpyqYDoa:GREoG5f80kmg7uHNed2YwfJSxlQa" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "token=d23e96c9bf2818fe5b4db0f8dbe829bb&token_type_hint=access_token&callback=package.myCallback" https://localhost:9443/oauth2/revoke
```
The callback parameter is optional. When it is present, the response is wrapped in a call to the named JavaScript function (here package.myCallback) and served as script, which is what lets a page on another origin consume it through a <script> tag. As with any JSONP endpoint, the caller executes that response as code, so the callback value has to be treated as untrusted input and restricted to a plain (optionally dotted) JavaScript identifier before it is echoed.
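The callback handling just described, as an added Python example of how a revocation response is wrapped for a JSONP caller and how the callback name is checked first. It is not WSO2 Identity Server code and does not describe how the Identity Server itself validates the value; the response bodies, the identifier pattern and the error text are this example's assumptions.

```python
"""JSONP wrapping for a revocation response (added example, not WSO2 code).
The callback name is validated as a dotted JavaScript identifier before it is
echoed, so the only script a caller can obtain is <its own function>(<JSON>)."""
from __future__ import annotations

import json
import re

# One JavaScript identifier, optionally followed by .identifier segments,
# e.g. "myCallback" or "package.myCallback". Anything else is rejected.
_CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$")


def is_safe_callback(name: str) -> bool:
    """True only for names that cannot inject code when placed before '('."""
    return _CALLBACK_RE.fullmatch(name) is not None


def build_response(body: dict, callback: str | None):
    """Return (status, content_type, text) for a revocation result.
    Without a callback the body is plain JSON; with one it becomes a script."""
    if callback is None:
        return 200, "application/json", json.dumps(body)
    if not is_safe_callback(callback):
        err = {"error": "invalid_request",
               "error_description": "callback is not a valid identifier"}
        return 400, "application/json", json.dumps(err)
    # json.dumps escapes non-ASCII (including U+2028/2029), so the JSON is a
    # valid JavaScript literal; the caller's <script> tag executes this text.
    return 200, "application/javascript", f"{callback}({json.dumps(body)});"


if __name__ == "__main__":
    print(build_response({}, "package.myCallback"))           # wrapped as script
    print(build_response({}, "alert(document.cookie)//"))     # rejected
    print(build_response({"error": "invalid_request"}, None))  # plain JSON
```

Validating the name rather than escaping it keeps the rule simple to audit: the regex admits nothing that could close the call or start a second statement.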