I referred to this page. Then I want to realize the following functions.
It obtains End User ID from a access token sent by the request, Revoke access tokens on condition that End User ID. However, only the access token sent by the request is kept valid without being revoked.
How should it be implemented?
Answer by Madhan+Sadasivam
·
Sep 02, 2017 at 09:21 PM
The operation would invalidate all the tokens, you can follow it up with a validatetoken operation to bring it back in the same request.
<OAuthV2name="ValidateToken"> <Operation>ValidateToken</Operation> <Tokens> <Tokentype="accesstoken"cascade="true">flow.variable</Token> </Tokens> </OAuthV2>
Thanks, @Madhan Sadasivam
I tried a method to activate only a specific token with a policy after revoking all tokens with the Management API.
However, the response of the Management API is Status Code 202 (Accepted), which doesn't assure that all token invalidation processing has ended. As a result, the activation process was executed before the invalidation process was finished, and eventually all the tokens became invalidated in the end.
I considered putting sleep processing before activation process. But I gave it up, because the time to eliminate the above possibility was unclear.
Management API revoking access tokens by End User ID and App ID is not working properly 1 Answer
OAuth2 Token Expired error while Revoking via Management API 0 Answers
revoke access token in proxy 2 Answers
Need help with accessing Management API using OAuth2 1 Answer
Revoke token sometimes takes >2mins. Any way to improve? 4 Answers