AppEndUser for GenerateAuthorizationCode operation of OAuthV2 policy

openapidev
Participant I

Hello,

We are trying to generate an access token that contains the end userId (for future revocation).

The way how to do this is described here Enable retrieval and revocation of OAuth 2.0 access tokens by end user ID, app id, or both.

We have a question, is it possible to achieve the same result when OAuthV2 operation type is GenerateAuthorizationCode, not GenerateAccessToken?

We have user id only in the flow when auth code is generated and we don't what to give a client ability to post a user-id directly, using /token endpoint as it is discussed in the topic above.

Thanks.

Solved Solved
0 1 205
1 ACCEPTED SOLUTION

sillan_dt
Participant IV

Yes, you can have the same for the Authorization code generation.

View solution in original post

1 REPLY 1

sillan_dt
Participant IV

Yes, you can have the same for the Authorization code generation.