BIG-IQ APM OAuth Token Revocation on BIG-IP devices

Overview

API for OAuth Token Revocation on BIG-IP devices using a BIG-IQ centralized management system.

Version information

Version : 5.2, 5.3, 5.4

URI scheme

BasePath : /mgmt/cm/access/tasks
Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

Revoke all oauth tokens by access groups for a specified user.

POST /revoke-tokens (access-groups)

Description

Revoke all active oauth tokens by access groups by a specified user.

Parameters

Type | Name | Description | Schema | Default
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "accessGroupNames":["TestGroup1", "TestGroup2"]} | post_revoke_oauth_token_by_access_group | None

Responses

HTTP Code | Description | Schema
200 | POST to revoke all oauth tokens by access group. | properties_revoke_oauth_token
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

List all oauth token revocation tasks as part of a collection.

GET /revoke-tokens

Description

Returns the collection of oauth token revocation tasks.

Responses

HTTP Code | Description | Schema
200 | GET collection of oauth token revocation tasks. | properties_revoke_oauth_token_collection
400 | Error response “Bad Request” | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Revoke all oauth-token sessions by cluster-name match for a specified user.

POST /revoke-tokens (bigip clusters)

Description

Revoke all oauth-token sessions by cluster-name match for specified devices.

Parameters

Type | Name | Description | Schema | Default
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "clusterNames":["BlueCluster", "RedCluster"]} | post_revoke_oauth_token_by_cluster_name | None

Responses

HTTP Code | Description | Schema
200 | POST to revoke oauth-token sessions within a cluster-name for a specific device. | properties_revoke_oauth_token
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

List all revoke-oauth-token tasks as part of a collection.

GET /revoke-tokens

Description

Returns the collection of revoke-oauth-token tasks.

Responses

HTTP Code | Description | Schema
200 | GET collection of revoke-oauth-token tasks. | properties_revoke_oauth_token_collection
400 | Error response “Bad Request” | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Revoke all oauth-token sessions by access group, cluster name and device reference match for a specified user.

POST /revoke-tokens (bigip clusters, access-groups and device reference)

Description

Revoke all oauth-token sessions by access group, cluster name match for specified devices.

Parameters

Type | Name | Description | Schema | Default
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "accessGroupNames":["TestGroup1", "TestGroup2"], "clusterNames":["BlueCluster", "RedCluster"], "deviceReferences": [{"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"},{"link":"https://localhost/mgmt/cm/system/machineid-resolver/3f320100-2177-42e0-8a46-2e33cd3366d"}]} | post_revoke_oauth_token_by_cluster_name_access_group_device_reference | None

Responses

HTTP Code | Description | Schema
200 | POST to revoke oauth-token sessions within an access-group and cluster-name for a specific device. | properties_revoke_oauth_token
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

List all revoke-oauth-token tasks as part of a collection.

GET /revoke-tokens

Description

Returns the collection of revoke-oauth-token tasks.

Responses

HTTP Code | Description | Schema
200 | GET collection of revoke-oauth-token tasks. | properties_revoke_oauth_token_collection
400 | Error response “Bad Request” | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Revoke-oauth-token by oauth client id.

POST /revoke-tokens (oauth client id)

Description

Revoke-oauth-token sessions by oauth token id for a device.

Parameters

Type | Name | Description | Schema | Default
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_CLIENT_ID", "clientId":"e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457", "deviceReferences":[{"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"}]} | post_revoke_oauth_token_by_oauth_id | None

Responses

HTTP Code | Description | Schema
200 | POST to revoke-oauth-token sessions by oauth token id. | properties_revoke_oauth_token
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

List all revoke-oauth-token tasks as part of a collection.

GET /revoke-tokens

Description

Returns the collection of revoke-oauth-token tasks.

Responses

HTTP Code | Description | Schema
200 | GET collection of revoke-oauth-token tasks. | properties_revoke_oauth_token_collection
400 | Error response “Bad Request” | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Revoke all oauth tokens by user.

POST /revoke-tokens (user)

Description

Revoke all active oauth tokens by user.

Parameters

Type | Name | Description | Schema | Default
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_TOKEN_FOR_USER", "userName":"user1", "deviceReferences":[{"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"}]} | post_revoke_oauth_token_by_user_body | None

Responses

HTTP Code | Description | Schema
200 | POST to revoke all oauth tokens by user. | properties_revoke_oauth_token
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

List all oauth token revocation tasks as part of a collection.

GET /revoke-tokens

Description

Returns the collection of oauth token revocation tasks.

Responses

HTTP Code | Description | Schema
200 | GET collection of oauth token revocation tasks. | properties_revoke_oauth_token_collection
400 | Error response “Bad Request” | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Revoke a list of oauth tokens by user.

POST /revoke-tokens (list of tokens)

Description

Revoke a list of active oauth tokens for a specified user.

Parameters

Type | Name | Description | Schema | Default
Body | Json string for request body. | Input parameter list in json format. required ex. {"action":"REVOKE_LIST_OF_TOKENS", "perDeviceOauthIds": [{"oauthIds": [{"id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b", "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"}, {"id": "0df998ae62ace6fb6a82bb745b8586e7306afb94e3ca146a", "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"}], "deviceReference": {"link":"https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"}}, {"oauthIds": [{"id": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457", "clientId": "bb745b8586e7306afb94"}, {"id": "8586e7306afb8586e7306afb8586e7306afb", "clientId": "8ad92cbb970dd500"}], "deviceReference": {"link":"https://localhost/mgmt/cm/system/machineid-resolver/23h4jkhk324-f405-489f-kj3434-98234"}}]} | post_revoke_list_of_tokens_body | None

Responses

HTTP Code | Description | Schema
200 | POST to revoke a list of active oauth tokens by user. | properties_revoke_oauth_token
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Returns a list of oauth tokens by user.

GET /revoke-tokens

Description

Returns a list of active oauth tokens for a specified user.

Responses

HTTP Code | Description | Schema
200 | GET to revoke a list of oauth tokens by user. | properties_revoke_oauth_token_collection
400 | Error response Bad Request | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection

Used to get a single instance of a revoke-oauth-token task.

GET /revoke-tokens/{objectId}

Description

Returns an object for the revoke-oauth-token session task identified by id for an endpoint URI.

Parameters

Type | Name | Description | Schema | Default
Path | objectId | Unique id referring to a token. required | string(UUID) | None

Responses

HTTP Code | Description | Schema
200 | APM revoke-oauth-token task object. | properties_revoke_oauth_token
400 | Server error response “Bad Request”. | 400_error_collection
404 | Error response Public URI path not registered. | 404_error_collection
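
The user-scoped POST /revoke-tokens request and the GET /revoke-tokens/{objectId} lookup documented above can be chained into one revoke-and-confirm step, which is what an incident responder needs when a user's tokens must be confirmed dead. This is an added example, not F5's code: the helper names, the caller-supplied authentication headers (this page does not describe authentication), and the assumption that the task id returned by the POST is the {objectId} to poll are all illustrative.

```python
import json
import time
import urllib.request

# BasePath plus path, as documented on this page.
PATH = "/mgmt/cm/access/tasks/revoke-tokens"

def user_revocation_body(user, access_groups=(), device_links=()):
    """Build a REVOKE_TOKEN_FOR_USER body from fields this page documents."""
    if not isinstance(user, str) or not user.strip():
        raise ValueError("userName must be a non-empty string")
    body = {"action": "REVOKE_TOKEN_FOR_USER", "userName": user}
    if access_groups:
        body["accessGroupNames"] = list(access_groups)
    if device_links:
        body["deviceReferences"] = [{"link": link} for link in device_links]
    return body

def https_json(method, url, headers, body=None):
    """Default transport: one HTTPS request with a JSON body and JSON reply."""
    if not url.startswith("https://"):
        raise ValueError("this API is served over HTTPS only")
    data = None if body is None else json.dumps(body).encode()
    request = urllib.request.Request(
        url, data=data, method=method,
        headers={"Content-Type": "application/json", **headers})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)

def revoke_and_wait(host, headers, body, send=https_json, interval=2.0, attempts=30):
    """POST the task, then poll GET /revoke-tokens/{objectId} until FINISHED.

    Assumptions: `headers` carries whatever authentication the deployment
    requires, and the task `id` in the POST reply is the {objectId} to poll.
    """
    url = f"https://{host}{PATH}"
    task = send("POST", url, headers, body)
    for _ in range(attempts):
        if task.get("status") != "STARTED":
            break
        time.sleep(interval)
        task = send("GET", f"{url}/{task['id']}", headers)
    # STARTED and FINISHED are the only states the page lists; anything else,
    # including a task still STARTED after the last poll, is raised.
    if task.get("status") != "FINISHED":
        raise RuntimeError(f"revocation not confirmed: status={task.get('status')!r}")
    return task
```

Passing a stub as `send` exercises the polling logic without a BIG-IQ; an HTTP 400 or 404 from the real transport surfaces as `urllib.error.HTTPError`.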

Definitions

400_error_collection

Name | Description | Schema
errorStack | Error stack trace returned by java. optional, read-only | string
items | Collection or list of tokens. optional, read-only | < object > array
kind | Type information for a collection of tasks used to revoke-oauth-token sessions - cm:access:tasks:revoke-tokens:oauthrevoketokentaskcollectionstate. optional, read-only | string
message | Error message returned from server. optional, read-only | string
requestBody | The data in the request body. GET (None) optional, read-only | string
requestOperationId | Unique id assigned to rest operation. optional, read-only | integer(int64)

404_error_collection

Name | Description | Schema
errorStack | Error stack trace returned by java. optional, read-only | string
items | Collection or list of tokens. optional, read-only | < object > array
kind | Type information for a collection of tasks used to revoke-oauth-token sessions - cm:access:tasks:revoke-tokens:oauthrevoketokentaskcollectionstate. optional, read-only | string
message | Error message returned from server. optional, read-only | string
requestBody | The data in the request body. GET (None) optional, read-only | string
requestOperationId | Unique id assigned to rest operation. optional, read-only | integer(int64)

post_revoke_oauth_token_by_access_group

Name | Description | Schema
accessGroupNames | One or more access group names. All oauth-token sessions in these groups will be revoked by invoking task. optional | string
action | Action used to revoke-oauth-token session by access_group. ex. "REVOKE_TOKEN_FOR_USER" required | string
userName | User name defined for revoke-oauth-token sessions owned. optional | string

post_revoke_oauth_token_by_cluster_name

Name | Description | Schema
action | Action used to revoke-oauth-token session by cluster_name. ex. "REVOKE_TOKEN_FOR_USER" required | string
clusterName | One or more cluster names. All oauth token sessions in these bigip clusters will be revoked by invoking task. optional | string
userName | User name defined for revoke-oauth-token sessions owned. optional | string

post_revoke_oauth_token_by_cluster_name_access_group_device_reference

Name | Description | Schema
accessGroupNames | One or more access group names. All oauth token sessions in these groups will be revoked by invoking task. optional | string
action | Action used to revoke-oauth-token session by cluster_name. ex. "REVOKE_TOKEN_FOR_USER" required | string
clusterNames | One or more cluster names. All oauth token sessions in these bigip clusters will be revoked by invoking task. optional | string
deviceReferences | Reference link to one or more devices in which active revoke-oauth-token sessions live. optional | string
userName | User name defined to all revoke-oauth-token sessions owned. optional | string

post_revoke_oauth_token_by_oauth_id

Name | Description | Schema
action | Action used to revoke-oauth-token identified by an oauth token id. ex. "REVOKE_TOKEN_FOR_CLIENT_ID" required | string
clientId | Unique id associated with the revoke-oauth-token. ex. e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457 optional | string

post_revoke_oauth_token_by_user_body

Name | Description | Schema
action | Action used to revoke-oauth-token session by a user. ex. "REVOKE_TOKEN_FOR_USER" required | string
deviceReferences | Reference link to one or more devices in which active revoke-oauth-token sessions live. optional | < deviceReferences > array
userName | User name defined for revoke-oauth-tokens owned. optional | string

deviceReferences

Name | Description | Schema
link | Reference link to device in resolver group. optional | string

post_revoke_oauth_token_by_list_body

Name | Description | Schema
action | Action used to revoke-oauth-token by a user. ex. "REVOKE_LIST_OF_TOKENS" required | string
perDeviceOauthIds | Device specific oauth token id. optional | < perDeviceOauthIds > array
deviceReferences | Reference link to one or more devices in which active revoke-oauth-token sessions live. optional | < deviceReferences > array
userName | User name defined for revoke-oauth-token sessions owned. optional | string

deviceReferences

Name | Description | Schema
link | Reference link to device in resolver group. optional | string

properties_revoke_oauth_token

Name | Description | Schema
accessGroupNames | One or more access group names. All revoke-oauth-tokens in these groups will be killed by invoking task. optional | string
action | Action used to revoke-oauth-tokens identified by an oauth token id. ex. "REVOKE_TOKEN_FOR_CLIENT_ID", "REVOKE_TOKEN_FOR_USER" required | string
clientId | Unique id used as a reference for client session to BIGIP. optional, read-only | string
currentStep | Current internal step for revoke-oauth-token task. optional, read-only | string
generation | An integer that will track change made to a revoke-oauth-token task object. generation. optional, read-only | integer(int64)
id | Unique id associated with revoke-oauth-token task object. optional | string
identityReference | Reference link to the user who issued the rest call. optional | < identityReference > array
kind | Type information for revoke-oauth-token task object - cm:access:tasks:revoke-tokens:oauthrevoketokentaskitemstate. optional | string
lastUpdateMicros | Update time (micros) for last change made to a revoke-oauth-token task object. time. optional, read-only | integer(int64)
name | Name of revoke-oauth-token session task object. optional | string
ownerMachineId | Device machine id used by revoke-oauth-token task object. Sessions that live on this device will be revoked. optional | string
selfLink | A reference link URI to the revoke-oauth-token task object. optional, read-only | string
startDateTime | Date / Time of when this revoke-oauth-token task began. optional | string
status | Status of revoke-oauth-token task state. optional ex. STARTED, FINISHED. | string
userName | User name defined to all revoke-oauth-tokens owned. optional | string
userReference | Reference link to user issuing the rest call to start revoke-oauth-token task. optional | string
username | User username. optional | string

identityReference

Name | Description | Schema
link | Reference link to user identity. optional | string

properties_revoke_oauth_token_collection

Name | Description | Schema
generation | An integer that will track change made to revoke-oauth-tokens task collection object. generation. optional, read-only | integer(int64)
items | Collection of revoke oauth tokens. optional | < object > array
kind | Type information for revoke-oauth-token task collection object - cm:access:tasks:revoke-tokens:oauthrevoketokentaskitemstate. optional, read-only | string
lastUpdateMicros | Update time (micros) for last change to revoke-oauth-token task collection object. time. optional, read-only | integer(int64)
selfLink | A reference link URI for revoke-oauth-token task collection object. optional, read-only | string

post_revoke_list_of_tokens_body

Name | Description | Schema
action | Action used to revoke-oauth-token by a user. ex. "REVOKE_LIST_OF_TOKENS". required | string
deviceReference | Reference link to device in resolver groups. optional | object
perDeviceOauthIds | Per device ids associated with token. optional | < perDeviceOauthIds > array

perDeviceOauthIds

Name | Description | Schema
oauthIds | Id referring to oauth token. optional | < oauthIds > array

oauthIds

Name | Description | Schema
clientId | Unique id referring to a client. optional | string
id | Unique id referring to a token. optional | string