BIG-IQ APM OAuth Token Revocation on BIG-IP

Overview

This API is for OAuth Token Revocation on BIG-IP devices using a BIG-IQ Centralized Management system.

REST Endpoint: /mgmt/cm/access/tasks/revoke-tokens

Requests

POST /mgmt/cm/access/tasks/revoke-tokens

Request Parameters

Name Type Required Description
accessGroupNames array_of_strings False One or more access group names. All OAuth token sessions in these groups will be revoked by invoking a task.
clusterNames array_of_strings False One or more cluster names. All OAuth token sessions in these BIG-IP clusters will be revoked by invoking a task.
deviceReferences reference False List of Device Reference links to one or more devices where active revoke-OAuth-token sessions live.
     link string False Reference link to device in machineID resolver group.
action string True Action to perform: revoke all active OAuth tokens for a user (REVOKE_TOKEN_FOR_USER), for a client ID (REVOKE_TOKEN_FOR_CLIENT_ID), or revoke a list of tokens (REVOKE_LIST_OF_TOKENS).
perDeviceOAuthIds array_of_objects False List of one or more per-device OAuth ID info objects, each containing a device reference and a list of pairs of id (OAuth ID) and clientId.
     OAuthIds array_of_objects False List of pairs of id (OAuth ID) and clientId.
          id string False ID referring to OAuth token.
          clientId string False Unique ID referring to a client.
     deviceReference reference False Reference link to one device in which active revoke-OAuth-token sessions live.
          link string False Reference link to device in machineID resolver group.
userName string False Case-sensitive field. User name of the user whose tokens need to be revoked.
clientId string False Unique ID used as a reference for client session to BIG-IP.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
accessGroupNames array_of_strings One or more access group names. All OAuth token sessions in these groups will be revoked by invoking a task.
clusterNames array_of_strings One or more cluster names. All OAuth token sessions in these BIG-IP clusters will be revoked by invoking a task.
deviceReferences reference List of Device Reference links to one or more devices where active revoke-OAuth-token sessions live.
     link string Reference link to device in machineID resolver group.
action string Action performed: revoke all active OAuth tokens for a user (REVOKE_TOKEN_FOR_USER), for a client ID (REVOKE_TOKEN_FOR_CLIENT_ID), or revoke a list of tokens (REVOKE_LIST_OF_TOKENS).
perDeviceOAuthIds array_of_objects List of one or more per-device OAuth ID info objects, each containing a device reference and a list of pairs of id (OAuth ID) and clientId.
     OAuthIds array_of_objects List of pairs of id (OAuth ID) and clientId.
          id string ID referring to OAuth token.
          clientId string Unique ID referring to a client.
     deviceReference reference Reference link to one device in which active revoke-OAuth-token sessions live.
          link string Reference link to device in machineID resolver group.
userName string Case-sensitive field. User name of the user whose tokens need to be revoked.
clientId string Unique ID used as a reference for client session to BIG-IP.
result string Whether the OAuth token revocation action was COMPLETE or FAILED.
failureDetails array_of_objects On failure, populated with a list of device-level failure info.
     failedIds array_of_objects  
          errorCode number Error Code
          error string Error Message
          id string ID referring to OAuth token.
          dbInstance string DB Instance
          clientId string Unique ID referring to a client.
     deviceReference reference Reference link to one device in which active revoke-OAuth-token sessions live.
          link string Reference link to device in machineID resolver group.
currentStep string Current internal step for revoke-OAuth-token task.
startDateTime string Start date and time of task.
name string Name of the task.
errorMessage string Error message describing details of task failure.
id string ID of the object.
endDateTime string End date and time of task.
status string Current status of task.

Error Response

HTTP/1.1 400 Bad Request

Error response Bad Request.

HTTP/1.1 404 Not Found

Error response Public URI path not registered.

Permissions

Role Allow
Access_Manager Yes

GET /mgmt/cm/access/tasks/revoke-tokens/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
accessGroupNames array_of_strings One or more access group names. All OAuth token sessions in these groups will be revoked by invoking a task.
clusterNames array_of_strings One or more cluster names. All OAuth token sessions in these BIG-IP clusters will be revoked by invoking a task.
deviceReferences reference List of Device Reference links to one or more devices where active revoke-OAuth-token sessions live.
     link string Reference link to device in machineID resolver group.
action string Action performed: revoke all active OAuth tokens for a user (REVOKE_TOKEN_FOR_USER), for a client ID (REVOKE_TOKEN_FOR_CLIENT_ID), or revoke a list of tokens (REVOKE_LIST_OF_TOKENS).
perDeviceOAuthIds array_of_objects List of one or more per-device OAuth ID info objects, each containing a device reference and a list of pairs of id (OAuth ID) and clientId.
     OAuthIds array_of_objects List of pairs of id (OAuth ID) and clientId.
          id string ID referring to OAuth token.
          clientId string Unique ID referring to a client.
     deviceReference reference Reference link to one device in which active revoke-OAuth-token sessions live.
          link string Reference link to device in machineID resolver group.
userName string Case-sensitive field. User name of the user whose tokens need to be revoked.
clientId string Unique ID used as a reference for client session to BIG-IP.
result string Whether the OAuth token revocation action was COMPLETE or FAILED.
failureDetails array_of_objects On failure, populated with a list of device-level failure info.
     failedIds array_of_objects  
          errorCode number Error Code
          error string Error Message
          id string ID referring to OAuth token.
          dbInstance string DB Instance
          clientId string Unique ID referring to a client.
     deviceReference reference Reference link to one device in which active revoke-OAuth-token sessions live.
          link string Reference link to device in machineID resolver group.
currentStep string Current internal step for revoke-OAuth-token task.
startDateTime string Start date and time of task.
name string Name of the task.
errorMessage string Error message describing details of task failure.
id string ID of the object.
endDateTime string End date and time of task.
status string Current status of task.

Error Response

HTTP/1.1 400 Bad Request

Error response Bad Request.

HTTP/1.1 404 Not Found

Error response Public URI path not registered.

Permissions

Role Allow
Access_Manager Yes

Examples

Revoke OAuth Tokens

POST /mgmt/cm/access/tasks/revoke-tokens
{
    "accessGroupNames": ["AccessGroup1", "AccessGroup2"],
    "clusterNames": ["ca-cluster"],
    "deviceReferences": [{
        "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
    }],
    "action": "REVOKE_TOKEN_FOR_USER",
    "perDeviceOAuthIds": [{
        "OAuthIds": [{
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "userName": "user1",
    "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
}

Response

HTTP/1.1 200 OK
{
    "accessGroupNames": ["AccessGroup1", "AccessGroup2"],
    "clusterNames": ["ca-cluster"],
    "deviceReferences": [{
        "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
    }],
    "action": "REVOKE_TOKEN_FOR_USER",
    "perDeviceOAuthIds": [{
        "OAuthIds": [{
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "userName": "user1",
    "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457",
    "result": "COMPLETE",
    "failureDetails": [{
        "failedIds": [{
            "errorCode": 400,
            "error": "status:400, body:{\"code\":400,\"message\":\"Token revoke failed. The OAuth ID is not found\",\"errorStack\":[],\"apiError\":26214401}",
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "dbInstance": "/Common/OAuthdb",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "currentStep": "RESOLVE_DEVICES",
    "startDateTime": "2018-02-01T19:44:17.804-0800",
    "name": "task_for_xyz",
    "errorMessage": "Something bad happened at step 5.",
    "id": "6287e999-9621-4e13-b588-51ca7895736e",
    "endDateTime": "2018-02-01T19:44:17.804-0800",
    "status": "STARTED"
}

Get Revoke OAuth Tokens Task by Task Id

GET /mgmt/cm/access/tasks/revoke-tokens/<id>

Response

HTTP/1.1 200 OK
{
    "accessGroupNames": ["AccessGroup1", "AccessGroup2"],
    "clusterNames": ["ca-cluster"],
    "deviceReferences": [{
        "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
    }],
    "action": "REVOKE_TOKEN_FOR_USER",
    "perDeviceOAuthIds": [{
        "OAuthIds": [{
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "userName": "user1",
    "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457",
    "result": "COMPLETE",
    "failureDetails": [{
        "failedIds": [{
            "errorCode": 400,
            "error": "status:400, body:{\"code\":400,\"message\":\"Token revoke failed. The OAuth ID is not found\",\"errorStack\":[],\"apiError\":26214401}",
            "id": "da6d57ffab9decbe9d75b7fdd4440ad43bedc7a475f3105b",
            "dbInstance": "/Common/OAuthdb",
            "clientId": "e3f3e7204d00d88ad92cbb970dd5005056b093adfa6d7457"
        }],
        "deviceReference": {
            "link": "https://localhost/mgmt/cm/system/machineid-resolver/901695c8-f405-489f-9996-54f7b21da642"
        }
    }],
    "currentStep": "RESOLVE_DEVICES",
    "startDateTime": "2018-02-01T19:44:17.804-0800",
    "name": "task_for_xyz",
    "errorMessage": "Something bad happened at step 5.",
    "id": "6287e999-9621-4e13-b588-51ca7895736e",
    "endDateTime": "2018-02-01T19:44:17.804-0800",
    "status": "STARTED"
}
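
Added example (not part of the F5 documentation): a client-side sketch of the POST-then-GET task flow above that validates the body, polls until result is COMPLETE or FAILED, and treats any entry in failureDetails as tokens that may still be live. The send transport, the per-action required-field mapping and the fake_send sample data are assumptions made for illustration; authentication is left to the caller's transport.

```python
import time

ENDPOINT = "/mgmt/cm/access/tasks/revoke-tokens"
# Assumption: which field each action needs, inferred from the parameter table.
NEEDS = {"REVOKE_TOKEN_FOR_USER": "userName",
         "REVOKE_TOKEN_FOR_CLIENT_ID": "clientId",
         "REVOKE_LIST_OF_TOKENS": "perDeviceOAuthIds"}

def build_request(action, **fields):
    """Validate locally so a malformed body fails before it reaches BIG-IQ."""
    if action not in NEEDS:
        raise ValueError(f"unknown action: {action!r}")
    if not fields.get(NEEDS[action]):
        raise ValueError(f"{action} requires {NEEDS[action]}")
    for key in ("accessGroupNames", "clusterNames"):
        if key in fields and not isinstance(fields[key], list):
            raise ValueError(f"{key} must be a list of strings")
    return {"action": action, **fields}

def failed_tokens(task):
    """Flatten failureDetails into (device link, OAuth id, clientId, errorCode)."""
    rows = []
    for detail in task.get("failureDetails") or []:
        link = (detail.get("deviceReference") or {}).get("link")
        for item in detail.get("failedIds") or []:
            rows.append((link, item.get("id"), item.get("clientId"),
                         int(item.get("errorCode", 0))))
    return rows

def revoke_and_wait(send, body, poll_seconds=2.0, max_polls=30):
    """POST the task, then GET it by id until `result` is COMPLETE or FAILED.
    Returns (clean, result, failures); clean is False if any token failed."""
    task = send("POST", ENDPOINT, body)
    for _ in range(max_polls):
        if task.get("result") in ("COMPLETE", "FAILED"):
            failures = failed_tokens(task)
            clean = task["result"] == "COMPLETE" and not failures
            return clean, task["result"], failures
        time.sleep(poll_seconds)
        task = send("GET", f"{ENDPOINT}/{task['id']}", None)
    raise TimeoutError(f"task {task.get('id')} did not finish")

def fake_send(method, path, body):
    """Constructed stand-in for BIG-IQ: pending on POST, one failed token on GET."""
    task = {"id": "task-1", "status": "STARTED"}
    if method == "GET":
        task.update(result="COMPLETE", failureDetails=[{
            "failedIds": [{"errorCode": 400, "id": "oauth-id-1", "clientId": "client-1"}],
            "deviceReference": {"link": "https://localhost/device-1"}}])
    return task
```

Checking failureDetails in addition to result matters because the sample response above shows both a COMPLETE result and a populated failedIds list in the same task object.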