BIG-IQ APM OAuth Token Revocation on BIG-IP devices
Overview
API for OAuth Token Revocation on BIG-IP devices using a BIG-IQ centralized management system.
Version information
Version : 5.2, 5.3, 5.4
URI scheme
Consumes
application/json
Produces
application/json
Paths
Revoke all oauth tokens by access groups for a specified user.
POST /revoke-tokens (access-groups)
Description
Revoke all active oauth tokens by access groups for a specified user.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "accessGroupNames":["TestGroup1", "TestGroup2"]} | post_revoke_oauth_token_by_access_group | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | POST to revoke all oauth tokens by access group. | properties_revoke_oauth_token |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
List all oauth token revocation tasks as part of a collection.
GET /revoke-tokens
Description
Returns the collection of oauth token revocation tasks.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | GET collection of oauth token revocation tasks. | properties_revoke_oauth_token_collection |
400 | Error response “Bad Request” | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Revoke all oauth-token sessions by cluster-name match for a specified user.
POST /revoke-tokens (bigip clusters)
Description
Revoke all oauth-token sessions by cluster-name match for specified devices.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "clusterNames":["BlueCluster", "RedCluster"]} | post_revoke_oauth_token_by_cluster_name | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | POST to revoke oauth-token sessions within a cluster-name for a specific device. | properties_revoke_oauth_token |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
List all revoke-oauth-token tasks as part of a collection.
GET /revoke-tokens
Description
Returns the collection of revoke-oauth-token tasks.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | GET collection of revoke-oauth-token tasks. | properties_revoke_oauth_token_collection |
400 | Error response “Bad Request” | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Revoke all oauth-token sessions by access group, cluster name and device reference match for a specified user.
POST /revoke-tokens (bigip clusters, access-groups and device reference)
Description
Revoke all oauth-token sessions by access group and cluster name match for specified devices.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "accessGroupNames":["TestGroup1", "TestGroup2"], "clusterNames":["BlueCluster", "RedCluster"], "deviceReferences": [{"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"},{"link":"https://localhost/mgmt/cm/system/machineid-resolver/3f320100-2177-42e0-8a46-2e33cd3366d"}]} | post_revoke_oauth_token_by_cluster_name_access_group_device_reference | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | POST to revoke oauth-token sessions within an access-group and cluster-name for a specific device. | properties_revoke_oauth_token |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
List all revoke-oauth-token tasks as part of a collection.
GET /revoke-tokens
Description
Returns the collection of revoke-oauth-token tasks.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | GET collection of revoke-oauth-token tasks. | properties_revoke_oauth_token_collection |
400 | Error response “Bad Request” | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Revoke-oauth-token by oauth client id.
POST /revoke-tokens (oauth client id)
Description
Revoke-oauth-token sessions by oauth token id for a device.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_CLIENT_ID", "clientId":"e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457", "deviceReferences":[{"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"}]} | post_revoke_oauth_token_by_oauth_id | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | POST to revoke-oauth-token sessions by oauth token id. | properties_revoke_oauth_token |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
List all revoke-oauth-token tasks as part of a collection.
GET /revoke-tokens
Description
Returns the collection of revoke-oauth-token tasks.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | GET collection of revoke-oauth-token tasks. | properties_revoke_oauth_token_collection |
400 | Error response “Bad Request” | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Revoke all oauth tokens by user.
POST /revoke-tokens (user)
Description
Revoke all active oauth tokens by user.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "deviceReferences":[{"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"}]} | post_revoke_oauth_token_by_user_body | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | POST to revoke all oauth tokens by user. | properties_revoke_oauth_token |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
List all oauth token revocation tasks as part of a collection.
GET /revoke-tokens
Description
Returns the collection of oauth token revocation tasks.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | GET collection of oauth token revocation tasks. | properties_revoke_oauth_token_collection |
400 | Error response “Bad Request” | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Revoke a list of oauth tokens by user.
POST /revoke-tokens (list of tokens)
Description
Revoke a list of active oauth tokens for a specified user.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_LIST_OF_TOKENS", "perDeviceOauthIds": [{"oauthIds": [{"id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b", "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"}, {"id": "0df998ae62ace6fb6a82bb745b8586e7306afb94e3ca146a", "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"}], "deviceReference": {"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"}}, {"oauthIds": [{"id": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457", "clientId": "bb745b8586e7306afb94"}, {"id": "8586e7306afb8586e7306afb8586e7306afb", "clientId": "8ad92cbb970dd500"}], "deviceReference": {"link":"https://localhost/mgmt/cm/system/machineid-resolver/23h4jkhk324-f405-489f-kj3434-98234"}}]} | post_revoke_list_of_tokens_body | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | POST to revoke a list of active oauth tokens by user. | properties_revoke_oauth_token |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Returns a list of oauth tokens by user.
GET /revoke-tokens
Description
Returns a list of active oauth tokens for a specified user.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | GET to revoke a list of oauth tokens by user. | properties_revoke_oauth_token_collection |
400 | Error response Bad Request | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
Used to get a single instance of a revoke-oauth-token task.
GET /revoke-tokens/{objectId}
Description
Returns an object for the revoke-oauth-token session task identified by id for an endpoint URI.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Path | objectId | Unique id referring to a token. required | string(UUID) | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | APM revoke-oauth-token task object. | properties_revoke_oauth_token |
400 | Server error response “Bad Request”. | 400_error_collection |
404 | Error response Public URI path not registered. | 404_error_collection |
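
An added example, not part of the F5 reference: a Python helper that builds the POST /revoke-tokens bodies shown in the parameter tables above and decides from a GET /revoke-tokens/{objectId} reply whether the revocation task has finished. The function names and the pre-flight completeness checks are assumptions of this example; the action names, field names, `kind` string and status values are the ones listed on this page.

```python
import json

# Action names, field names and the task "kind" are the ones listed on this page.
USER = "REVOKE_TOKEN_FOR_USER"
CLIENT = "REVOKE_TOKEN_FOR_CLIENT_ID"
TOKEN_LIST = "REVOKE_LIST_OF_TOKENS"
TASK_KIND = "cm:access:tasks:revoke-tokens:oauthrevoketokentaskitemstate"


def build_revoke_body(action, user_name=None, client_id=None, access_groups=(),
                      clusters=(), device_links=(), per_device_ids=()):
    """Return the JSON body for POST /revoke-tokens, or raise ValueError.

    The completeness checks are local pre-flight rules assumed by this example
    (modelled on the page's sample bodies), not documented server behaviour.
    """
    scope = {"accessGroupNames": list(access_groups),
             "clusterNames": list(clusters),
             "deviceReferences": [{"link": link} for link in device_links]}
    scope = {key: value for key, value in scope.items() if value}
    body = {"action": action}
    if action == USER:
        if not user_name or not scope:
            raise ValueError("userName plus a group, cluster or device scope is needed")
        body.update(userName=user_name, **scope)
    elif action == CLIENT:
        if not client_id or "deviceReferences" not in scope:
            raise ValueError("clientId and deviceReferences are needed")
        body.update(clientId=client_id, deviceReferences=scope["deviceReferences"])
    elif action == TOKEN_LIST:
        entries = []
        for link, tokens in per_device_ids:  # tokens: [(token id, client id), ...]
            if not tokens:
                raise ValueError("no token ids given for device " + link)
            entries.append({"oauthIds": [{"id": t, "clientId": c} for t, c in tokens],
                            "deviceReference": {"link": link}})
        if not entries:
            raise ValueError("perDeviceOauthIds is empty")
        body["perDeviceOauthIds"] = entries
    else:
        raise ValueError("unknown action: %r" % (action,))
    return json.dumps(body)


def revocation_confirmed(http_code, response_text):
    """True only when GET /revoke-tokens/{objectId} returns a FINISHED task."""
    reply = json.loads(response_text)
    if http_code != 200:  # 400/404 bodies carry a "message" field
        raise RuntimeError("HTTP %d: %s" % (http_code, reply.get("message")))
    return reply.get("kind") == TASK_KIND and reply.get("status") == "FINISHED"


if __name__ == "__main__":
    print(build_revoke_body(USER, user_name="user1", access_groups=["TestGroup1"]))
```

A reply whose status is anything other than FINISHED returns False, so a caller keeps polling or investigates rather than treating the tokens as revoked.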
Definitions
400_error_collection
Name | Description | Schema |
---|---|---|
errorStack | Error stack trace returned by java. optional, read-only | string |
items | Collection or list of tokens. optional, read-only | < object > array |
kind | Type information for a collection of tasks used to revoke-oauth-token sessions - cm:access:tasks:revoke-tokens:oauthrevoketokentaskcollectionstate. optional, read-only | string |
message | Error message returned from server. optional, read-only | string |
requestBody | The data in the request body. GET (None) optional, read-only | string |
requestOperationId | Unique id assigned to rest operation. optional, read-only | integer(int64) |
404_error_collection
Name | Description | Schema |
---|---|---|
errorStack | Error stack trace returned by java. optional, read-only | string |
items | Collection or list of tokens. optional, read-only | < object > array |
kind | Type information for a collection of tasks used to revoke-oauth-token sessions - cm:access:tasks:revoke-tokens:oauthrevoketokentaskcollectionstate. optional, read-only | string |
message | Error message returned from server. optional, read-only | string |
requestBody | The data in the request body. GET (None) optional, read-only | string |
requestOperationId | Unique id assigned to rest operation. optional, read-only | integer(int64) |
post_revoke_oauth_token_by_access_group
Name | Description | Schema |
---|---|---|
accessGroupNames | One or more access group names. All oauth-token sessions in these groups will be revoked by invoking task. optional | string |
action | Action used to revoke-oauth-token session by access_group. ex action. “REVOKE_TOKEN_FOR_USER” required | string |
userName | User name defined for revoke-oauth-token sessions owned. optional | string |
post_revoke_oauth_token_by_cluster_name
Name | Description | Schema |
---|---|---|
action | Action used to revoke-oauth-token session by cluster_name. ex action. “REVOKE_TOKEN_FOR_USER” required | string |
clusterName | One or more cluster names. All oauth token sessions in these bigip clusters will be revoked by invoking task. optional | string |
userName | User name defined for revoke-oauth-token sessions owned. optional | string |
post_revoke_oauth_token_by_cluster_name_access_group_device_reference
Name | Description | Schema |
---|---|---|
accessGroupNames | One or more access group names. All oauth token sessions in these groups will be revoked by invoking task. optional | string |
action | Action used to revoke-oauth-token session by cluster_name. ex action. “REVOKE_TOKEN_FOR_USER” required | string |
clusterNames | One or more cluster names. All oauth token sessions in these bigip clusters will be revoked by invoking task. optional | string |
deviceReferences | Reference link to one or more devices in which active revoke-oauth-token sessions live. optional | string |
userName | User name defined to all revoke-oauth-token sessions owned. optional | string |
post_revoke_oauth_token_by_oauth_id
Name | Description | Schema |
---|---|---|
action | Action used to revoke-oauth-token identified by an oauth token id. ex. “REVOKE_TOKEN_FOR_CLIENT_ID” required | string |
clientId | Unique id associated with the revoke-oauth-token. ex. e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457 optional | string |
post_revoke_oauth_token_by_user_body
Name | Description | Schema |
---|---|---|
action | Action used to revoke-oauth-token session by a user. ex. “REVOKE_TOKEN_FOR_USER” required | string |
deviceReferences | Reference link to one or more devices in which active revoke-oauth-token sessions live. optional | < deviceReferences > array |
userName | User name defined for revoke-oauth-tokens owned. optional | string |
deviceReferences
Name | Description | Schema |
---|---|---|
link | Reference link to device in resolver group. optional | string |
post_revoke_oauth_token_by_list_body
Name | Description | Schema |
---|---|---|
action | Action used to revoke-oauth-token by a user. ex. “REVOKE_LIST_OF_TOKENS” required | string |
perDeviceOauthIds | Device specific oauth token id. optional | < perDeviceOauthIds > array |
deviceReferences | Reference link to one or more devices in which active revoke-oauth-token sessions live. optional | < deviceReferences > array |
userName | User name defined for revoke-oauth-token sessions owned. optional | string |
deviceReferences
Name | Description | Schema |
---|---|---|
link | Reference link to device in resolver group. optional | string |
properties_revoke_oauth_token
Name | Description | Schema |
---|---|---|
accessGroupNames | One or more access group names. All revoke-oauth-tokens in these groups will be killed by invoking task. optional | string |
action | Action used to revoke-oauth-tokens identified by an oauth token id. ex. “REVOKE_TOKEN_FOR_CLIENT_ID” “REVOKE_TOKEN_FOR_USER” required | string |
clientId | Unique id used as a reference for client session to BIGIP. optional, read-only | string |
currentStep | Current internal step for revoke-oauth-token task. optional, read-only | string |
generation | An integer that will track change made to a revoke-oauth-token task object. generation. optional, read-only | integer(int64) |
id | Unique id associated with revoke-oauth-token task object. optional | string |
identityReference | Reference link to the user who issued the rest call. optional | < identityReference > array |
kind | Type information for revoke-oauth-token task object - cm:access:tasks:revoke-tokens:oauthrevoketokentaskitemstate. optional | string |
lastUpdateMicros | Update time (micros) for last change made to a revoke-oauth-token task object. time. optional, read-only | integer(int64) |
name | Name of revoke-oauth-token session task object. optional | string |
ownerMachineId | Device machine id used by revoke-oauth-token task object. Sessions that live on this device will be revoked. optional | string |
selfLink | A reference link URI to the revoke-oauth-token task object. optional, read-only | string |
startDateTime | Date / Time of when this revoke-oauth-token task began. optional | string |
status | Status of revoke-oauth-token task state. - optional ex. STARTED, FINISHED. | string |
userName | User name defined to all revoke-oauth-tokens owned. optional | string |
userReference | Reference link to user issuing the rest call to start revoke-oauth-token task. optional | string |
username | User username. optional | string |
identityReference
Name | Description | Schema |
---|---|---|
link | Reference link to user identity. optional | string |
properties_revoke_oauth_token_collection
Name | Description | Schema |
---|---|---|
generation | An integer that will track change made to revoke-oauth-tokens task collection object. generation. optional, read-only | integer(int64) |
items | Collection of revoke oauth tokens. optional | < object > array |
kind | Type information for revoke-oauth-token task collection object - cm:access:tasks:revoke-tokens:oauthrevoketokentaskitemstate. optional, read-only | string |
lastUpdateMicros | Update time (micros) for last change to revoke-oauth-token task collection object. time. optional, read-only | integer(int64) |
selfLink | A reference link URI for revoke-oauth-token task collection object. optional, read-only | string |
post_revoke_list_of_tokens_body
Name | Description | Schema |
---|---|---|
action | Action used to revoke-oauth-token by a user. ex. “REVOKE_LIST_OF_TOKENS”. required | string |
deviceReference | Reference link to device in resolver groups. optional | object |
perDeviceOauthIds | Per device ids associated with token. optional | < perDeviceOauthIds > array |
perDeviceOauthIds
Name | Description | Schema |
---|---|---|
oauthIds | Id referring to oauth token. optional | < oauthIds > array |
oauthIds
Name | Description | Schema |
---|---|---|
clientId | Unique id referring to a client. optional | string |
id | Unique id referring to a token. optional | string |