[OPENAM-7820] Additional delete/revoke token endpoints for Oauth2 - ForgeRock JIRA

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 12.0.0, 13.0.0
Fix Version/s: 12.0.3, 13.5.0
Component/s: oauth2, rest
Labels:
- EDISON
- release-notes

Target Version/s:

12.0.3, 13.5.0

Sprint:
AM Sustaining Sprint 15, AM Sustaining Sprint 16, AM Sustaining Sprint 17, AM Sustaining Sprint 18, AM Sustaining Sprint 19

Support Ticket IDs:

Description

Requirements from customer to provide an alternative to the : DELETE /frrest/oauth2/token/ endpoint.

High level requirements:

This new endpoint should,

1) Not require a SSOToken, or at least not require that the user re-login to get a SSOToken.

2) Revoke all a users' tokens using refresh token.

API is called with valid access token -> OpenAM revokes that access token and associated refresh token.
-API is called with valid refresh token -> OpenAM revokes that refresh token.

3) Subsequent attempts at access via a revoked token will be denied.

4) Subsequent attempts to access using a different valid token (e.g having initiated logout from a webpage, and then attempting access via a mobile app) then their access is permitted.

5) API only allows a user to revoke their own tokens. It should not allow a user to revoke tokens other than those detailed here.

Attachments

Issue Links

relates to

OPENAM-7146 Revoke access tokens while revoking refresh tokens

Resolved

links to

Perf Regression test Failure for OAuth2

Activity

People

Assignee:

Jonathan Thomas

Reporter:

Jonathan Thomas

Votes:

3 Vote for this issue

Watchers:

10 Start watching this issue

Dates

Created:

09/Dec/15 3:56 PM

Updated:

20/Nov/16 12:10 PM

Resolved:

29/Feb/16 1:04 PM

Time Tracking

Estimated:

12h

Remaining:

Logged:

10h