The OAuth 2.0 Revoke a Token filter is used to revoke a specified OAuth 2.0 access or refresh token. A revoke token request causes the removal of the client permissions associated with the specified token used to access the user's protected resources. For more details on supported OAuth flows, see API Gateway OAuth 2.0 authentication flows.
OAuth access tokens are used to grant access to specific resources in an HTTP service for a specific period of time (for example, photos on a photo sharing website). This enables users to grant third-party applications access to their resources without sharing all of their data and access permissions. OAuth refresh tokens are tokens issued by the Authorization Server to the client that can be used to obtain a new access token.
Configure the following fields on this tab:
Token to be revoked can be found here:
Click the browse button to select the cache to revoke the token from (for example, the default OAuth Access Token Store). To add an access token store, right-click Access Token Stores, and select Add Access Token Store. You can store tokens in a cache, in a relational database, or in an embedded Cassandra database. For more details, see the section called “Manage access tokens and authorization codes”.
Find client application information from message:
Select one of the following:
-
In Authorization Header:
This is the default setting.
-
In Query String:
The Client Id defaults to
client_id, and Client Secret defaults toclient_secret.
The settings on this tab configure service-level monitoring options such as whether to store usage metrics data to a database. This information can be used by the web-based API Gateway Manager tool to display service use, and by the API Gateway Analytics tool to produce reports on how the service is used. For details on the fields on this tab, see the section called “Monitoring settings” in Get access token information.
