From: Tim K. <t.k...@fz...> - 2020-05-12 09:26:26
Hey,

we're using one webservice and two Unitys. One Unity is configured as oauth2 authenticator for the other.

Configuration for the <second_unity> (<first_unity_conf>: unityServer.core.authenticators.hdfaai.configurationFile):

---
unity.oauth2.client.providers.hbp.type=unity
unity.oauth2.client.providers.hbp.clientId=...
unity.oauth2.client.providers.hbp.clientSecret=...
unity.oauth2.client.providers.hbp.openIdConnect=true
unity.oauth2.client.providers.hbp.httpClientHostnameChecking=WARN
unity.oauth2.client.providers.hbp.httpClientTruststore=MAIN
unity.oauth2.client.providers.hbp.name=Helmholtz
unity.oauth2.client.providers.hbp.openIdConnectDiscoveryEndpoint=https://<second_unity>/oauth2/.well-known/openid-configuration
unity.oauth2.client.providers.hbp.scopes=email openid display_name single-logout
unity.oauth2.client.providers.hbp.translationProfile=tr-hdfaai-input
---

If a user logs into my webservice and uses the <second_unity> as authenticator, I will receive an access token/refresh token at my webservice. I'm able to revoke these tokens when the user logs out. But additionally two tokens are generated at the <second_unity>.

Is there a way to let the <first_unity> revoke these tokens? So that all 4 tokens generated for this user (two on each Unity) will be revoked?

The request I make to revoke the tokens is:

POST https://<first_unity_oauth_endpoint>/revoke
Headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
Body: {
    'client_id': '...',
    'logout': 'true',
    'token_type_hint': 'refresh_token', # or access_token
    'token': '...'
}

If that's not possible: Is there a way to receive the tokens from the <second_unity>? So that I can revoke them separately?

Best regards,
Tim Kreuzer

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 1583
email: t.k...@fz...