BIG-IQ APM OAuth Token Revocation on BIG-IP
Overview
This API is for OAuth Token Revocation on BIG-IP devices using a BIG-IQ Centralized Management system.
REST Endpoint: /cm/access/tasks/revoke-tokens
Requests
POST /mgmt/cm/access/tasks/revoke-tokens
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
accessGroupNames | array_of_strings | False | One or more access group names. All OAuth token sessions in these groups will be revoked by invoking a task. |
clusterNames | array_of_strings | False | One or more cluster names. All OAuth token sessions in these BIG-IP clusters will be revoked by invoking a task. |
deviceReferences | reference | False | List of Device Reference links to one or more devices where active revoke-OAuth-token sessions live. |
link | string | False | Reference link to device in machineID resolver group. |
action | string | True | Revoke all active OAuth tokens for a user (REVOKE_TOKEN_FOR_USER), a client ID (REVOKE_TOKEN_FOR_CLIENT_ID), or a list of tokens (REVOKE_LIST_OF_TOKENS). |
perDeviceOAuthIds | array_of_objects | False | List of one or more per-device OAuth ID info objects, each containing a device reference and a list of pairs of ID (OAuth ID) and clientID. |
OAuthIds | array_of_objects | False | List of pairs of ID (OAuth ID) and clientID. |
id | string | False | ID referring to OAuth token. |
clientId | string | False | Unique ID referring to a client. |
deviceReference | reference | False | Reference link to one device on which active revoke-OAuth-token sessions live. |
link | string | False | Reference link to device in machineID resolver group. |
userName | string | False | Case-sensitive field name. User name of the user whose tokens need to be revoked. |
clientId | string | False | Unique ID used as a reference for client session to BIG-IP. |
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
accessGroupNames | array_of_strings | One or more access group names. All OAuth token sessions in these groups will be revoked by invoking a task. |
clusterNames | array_of_strings | One or more cluster names. All OAuth token sessions in these BIG-IP clusters will be revoked by invoking a task. |
deviceReferences | reference | List of Device Reference links to one or more devices where active revoke-OAuth-token sessions live. |
link | string | Reference link to device in machineID resolver group. |
action | string | Revoke all active OAuth tokens for a user (REVOKE_TOKEN_FOR_USER), a client ID (REVOKE_TOKEN_FOR_CLIENT_ID), or a list of tokens (REVOKE_LIST_OF_TOKENS). |
perDeviceOAuthIds | array_of_objects | List of one or more per-device OAuth ID info objects, each containing a device reference and a list of pairs of ID (OAuth ID) and clientID. |
OAuthIds | array_of_objects | List of pairs of ID (OAuth ID) and clientID. |
id | string | ID referring to OAuth token. |
clientId | string | Unique ID referring to a client. |
deviceReference | reference | Reference link to one device on which active revoke-OAuth-token sessions live. |
link | string | Reference link to device in machineID resolver group. |
userName | string | Case-sensitive field name. User name of the user whose tokens need to be revoked. |
clientId | string | Unique ID used as a reference for client session to BIG-IP. |
result | string | Indicates whether the OAuth token revocation action was COMPLETE or FAILED. |
failureDetails | array_of_objects | On failure, populated with a list of device-level failure details. |
failedIds | array_of_objects | |
errorCode | number | Error Code |
error | string | Error Message |
id | string | ID referring to OAuth token. |
dbInstance | string | DB Instance |
clientId | string | Unique ID referring to a client. |
deviceReference | reference | Reference link to one device on which active revoke-OAuth-token sessions live. |
link | string | Reference link to device in machineID resolver group. |
currentStep | string | Current internal step for revoke-OAuth-token task. |
startDateTime | string | Start date and time of task. |
name | string | Name of the task. |
errorMessage | string | Error message describing details of task failure. |
id | string | ID of the object. |
endDateTime | string | End date and time of task. |
status | string | Current status of task. |
Error Response
HTTP/1.1 400 Bad Request
Error response Bad Request.
HTTP/1.1 404 Not Found
Error response Public URI path not registered.
Permissions
Role | Allow |
---|---|
Access_Manager | Yes |
GET /mgmt/cm/access/tasks/revoke-tokens/<id>
Request Parameters
None
Query Parameters
None
Response
HTTP/1.1 200 OK
Name | Type | Description |
---|---|---|
accessGroupNames | array_of_strings | One or more access group names. All OAuth token sessions in these groups will be revoked by invoking a task. |
clusterNames | array_of_strings | One or more cluster names. All OAuth token sessions in these BIG-IP clusters will be revoked by invoking a task. |
deviceReferences | reference | List of Device Reference links to one or more devices where active revoke-OAuth-token sessions live. |
link | string | Reference link to device in machineID resolver group. |
action | string | Revoke all active OAuth tokens for a user (REVOKE_TOKEN_FOR_USER), a client ID (REVOKE_TOKEN_FOR_CLIENT_ID), or a list of tokens (REVOKE_LIST_OF_TOKENS). |
perDeviceOAuthIds | array_of_objects | List of one or more per-device OAuth ID info objects, each containing a device reference and a list of pairs of ID (OAuth ID) and clientID. |
OAuthIds | array_of_objects | List of pairs of ID (OAuth ID) and clientID. |
id | string | ID referring to OAuth token. |
clientId | string | Unique ID referring to a client. |
deviceReference | reference | Reference link to one device on which active revoke-OAuth-token sessions live. |
link | string | Reference link to device in machineID resolver group. |
userName | string | Case-sensitive field name. User name of the user whose tokens need to be revoked. |
clientId | string | Unique ID used as a reference for client session to BIG-IP. |
result | string | Indicates whether the OAuth token revocation action was COMPLETE or FAILED. |
failureDetails | array_of_objects | On failure, populated with a list of device-level failure details. |
failedIds | array_of_objects | |
errorCode | number | Error Code |
error | string | Error Message |
id | string | ID referring to OAuth token. |
dbInstance | string | DB Instance |
clientId | string | Unique ID referring to a client. |
deviceReference | reference | Reference link to one device on which active revoke-OAuth-token sessions live. |
link | string | Reference link to device in machineID resolver group. |
currentStep | string | Current internal step for revoke-OAuth-token task. |
startDateTime | string | Start date and time of task. |
name | string | Name of the task. |
errorMessage | string | Error message describing details of task failure. |
id | string | ID of the object. |
endDateTime | string | End date and time of task. |
status | string | Current status of task. |
Error Response
HTTP/1.1 400 Bad Request
Error response Bad Request.
HTTP/1.1 404 Not Found
Error response Public URI path not registered.
Permissions
Role | Allow |
---|---|
Access_Manager | Yes |
Examples
Revoke OAuth Tokens
POST /mgmt/cm/access/tasks/revoke-tokens
{
    "accessGroupNames": ["AccessGroup1", "AccessGroup2"],
    "clusterNames": ["ca-cluster"],
    "deviceReferences": [{
        "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
    }],
    "action": "REVOKE_TOKEN_FOR_USER",
    "perDeviceOAuthIds": [{
        "OAuthIds": [{
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "userName": "user1",
    "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
}
Response
HTTP/1.1 200 OK
{
    "accessGroupNames": ["AccessGroup1", "AccessGroup2"],
    "clusterNames": ["ca-cluster"],
    "deviceReferences": [{
        "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
    }],
    "action": "REVOKE_TOKEN_FOR_USER",
    "perDeviceOAuthIds": [{
        "OAuthIds": [{
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "userName": "user1",
    "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457",
    "result": "COMPLETE",
    "failureDetails": [{
        "failedIds": [{
            "errorCode": "400",
            "error": "status:400, body:{\"code\":400,\"message\":\"Token revoke failed. The OAuth ID is not found\",\"errorStack\":[],\"apiError\":26214401}",
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "dbInstance": "/Common/OAuthdb",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "currentStep": "RESOLVE_DEVICES",
    "startDateTime": "2018-02-01T19:44:17.804-0800",
    "name": "task_for_xyz",
    "errorMessage": "Something bad happened at step 5.",
    "id": "6287e999-9621-4e13-b588-51ca7895736e",
    "endDateTime": "2018-02-01T19:44:17.804-0800",
    "status": "STARTED"
}
Get Revoke OAuth Tokens Task by Task Id
GET /mgmt/cm/access/tasks/revoke-tokens/<id>
Response
HTTP/1.1 200 OK
{
    "accessGroupNames": ["AccessGroup1", "AccessGroup2"],
    "clusterNames": ["ca-cluster"],
    "deviceReferences": [{
        "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
    }],
    "action": "REVOKE_TOKEN_FOR_USER",
    "perDeviceOAuthIds": [{
        "OAuthIds": [{
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "userName": "user1",
    "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457",
    "result": "COMPLETE",
    "failureDetails": [{
        "failedIds": [{
            "errorCode": "400",
            "error": "status:400, body:{\"code\":400,\"message\":\"Token revoke failed. The OAuth ID is not found\",\"errorStack\":[],\"apiError\":26214401}",
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "dbInstance": "/Common/OAuthdb",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "currentStep": "RESOLVE_DEVICES",
    "startDateTime": "2018-02-01T19:44:17.804-0800",
    "name": "task_for_xyz",
    "errorMessage": "Something bad happened at step 5.",
    "id": "6287e999-9621-4e13-b588-51ca7895736e",
    "endDateTime": "2018-02-01T19:44:17.804-0800",
    "status": "STARTED"
}
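Added example (not part of the F5 documentation): a Python helper that builds the request body for the POST endpoint and reduces a task document from either endpoint to a per-token verdict, so that an HTTP 200 carrying a task document is not mistaken for a completed revocation. Treating a missing `result` as pending is an assumption of this example, and the values in `SAMPLE_TASK` are constructed.

```python
import json

# Action values listed in the Request Parameters table on this page.
ACTIONS = {"REVOKE_TOKEN_FOR_USER", "REVOKE_TOKEN_FOR_CLIENT_ID",
           "REVOKE_LIST_OF_TOKENS"}

def build_revoke_body(action, **fields):
    """JSON body for POST /mgmt/cm/access/tasks/revoke-tokens."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    for name in ("accessGroupNames", "clusterNames"):
        # array_of_strings: reject a stringified list such as "['a', 'b']".
        if not isinstance(fields.get(name, []), list):
            raise TypeError(f"{name} must be a list of strings")
    return json.dumps({"action": action, **fields})

def unrevoked_tokens(task):
    """One record per token listed under failureDetails[].failedIds[]."""
    records = []
    for detail in task.get("failureDetails") or []:
        device = (detail.get("deviceReference") or {}).get("link")
        for failed in detail.get("failedIds") or []:
            records.append({
                "device": device,
                "id": failed.get("id"),
                "clientId": failed.get("clientId"),
                # Typed as number in the table, quoted in the sample: accept both.
                "errorCode": int(failed.get("errorCode") or 0),
                "error": failed.get("error"),
            })
    return records

def revocation_verdict(task):
    """'revoked' only when result is COMPLETE and no token failed anywhere."""
    failures = unrevoked_tokens(task)
    result = task.get("result")
    if result == "FAILED" or failures:
        return "failed", failures
    if result == "COMPLETE":
        return "revoked", failures
    return "pending", failures  # assumption: no result yet, task still running

# Constructed task document shaped like the response example on this page.
SAMPLE_TASK = {"result": "COMPLETE", "failureDetails": [{
    "failedIds": [{"errorCode": "400", "id": "constructed-oauth-id",
                   "clientId": "constructed-client-id",
                   "error": "Token revoke failed. The OAuth ID is not found"}],
    "deviceReference": {"link": "https://localhost/constructed-device"}}]}
```

`revocation_verdict(SAMPLE_TASK)` reports `failed` even though `result` is `COMPLETE`, because a token is still listed under `failedIds` for one device.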