How to invalidate all existing access tokens for a particular user

1 ACCEPTED SOLUTION


Hello @Guru Venkatesh,

Just to add to what @swilliams has said, it is possible to use the Management API to revoke the tokens associated with a particular user.

But that has to be taken care of at the time of access token generation, by inserting the value of the end user id in the tag "<AppEndUser>" so that it is attached to the access token. This is explained very well here.

Hope this helps.


4 REPLIES 4

@Guru Venkatesh Please review the following management API docs.

http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/oauth2/revoke

This allows you to revoke access tokens based on the end user id or the app id.

@swilliams, any idea regarding revoking the tokens by access token attributes instead of developer id or app id? If I am not wrong, the above question talks about the app user, not the developer. Any insights regarding the same will be super helpful.

@Anil Sagar Yes, the link that I posted allows an org admin to revoke an access token by the app end user id or the application id. @MEGHDEEP BASU posted a link to the docs that describe how to include the app end user id in the access token when it is generated.
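
To make the two steps in this thread concrete, here is an added sketch (not posted by anyone in the thread and not taken from the Apigee docs) of an OAuthV2 policy that records the end user id on each token it issues. The policy name, the expiry value and the flow variable `authn.verified_user_id` are assumptions; the `enduser` query parameter in the closing comment is how I recall the revoke API linked above taking the id, so check it against that page.

```xml
<!-- Added example. Policy name, expiry and variable names are hypothetical. -->
<OAuthV2 name="OAuth-GenerateAccessToken">
  <Operation>GenerateAccessToken</Operation>

  <!-- Token lifetime in milliseconds (30 minutes here, a constructed value). -->
  <ExpiresIn>1800000</ExpiresIn>

  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>

  <!--
    Stamps the end user id onto the token so it can later be found and
    revoked by user. Without this element the token carries no end user id
    and the by-user revoke has nothing to match.

    Take the value from a variable the proxy populated after verifying the
    user's credentials (assumed here to be authn.verified_user_id, set by an
    earlier step in the flow). If the id is read straight from a
    client-supplied parameter, the caller chooses which user the token is
    filed under, and revoking by user no longer covers every token that
    user actually holds.
  -->
  <AppEndUser>authn.verified_user_id</AppEndUser>

  <GenerateResponse enabled="true"/>
</OAuthV2>

<!--
  Revoking every token issued for one user then uses the management API
  path linked in this thread, authenticated as an org admin:

    POST /v1/organizations/{org_name}/oauth2/revoke?enduser={enduser_id}

  {org_name} and {enduser_id} are placeholders.
-->
```

Tokens issued before this element was added to the policy carry no end user id, so the by-user revoke does not reach them.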
