authentication oracle-rest-data-services

How to revoke an access token?


I'm developing a login with Angular exposing my database functions via ORDS. At the moment I generate an accessToken to display my database views exposed via web API, and I use the following cmd command:

curl -i -k --user <client_id>:<client_secret> --data "grant_type=client_credentials" http://mydomain/ords/myuser/oauth/token 

Can someone suggest a command line that allows me to revoke the created token?

I tried using the following cmd:

curl -k -v -d "token=<myToken>" -H "Authorization: Basic <base64 string>" -H "Content-Type: application/x-www-form-urlencoded" http://mydomain/ords/myuser/oauth/token/revoke

but it always gives me back:

{
    "code": "MethodNotAllowed",
    "message": "Method Not Allowed",
    "type": "tag:oracle.com,2020:error/MethodNotAllowed",
    "instance": "tag:oracle.com,2020:ecid/nuwMG_FM5KkwLETSjIA3cQ"
}


Solution

  • The simple answer is that you cannot revoke a specific AccessToken, since it's a self-sustained signed document (like a JWT). It's as if you had issued a passport: every border control will not double-check its validity with you.

    What you can do is:
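
Added example, not part of the original answer and not ORDS code: a generic HMAC-signed token that shows the mechanism behind the passport analogy, where the verifier checks signature and expiry locally and never contacts the issuer. The key, the claim names and the `issue`/`verify` helpers are assumptions made for illustration; this is not the ORDS token format.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed value standing in for the signing key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(client_id: str, now: int, ttl: int = 3600) -> str:
    """Issuer side: sign the claims. Nothing about the token is stored."""
    body = _b64(json.dumps({"sub": client_id, "exp": now + ttl}).encode())
    sig = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify(token: str, now: int):
    """Resource side: signature and expiry are checked locally.

    Returns the claims dict, or None when the token is rejected. The issuer
    is never consulted, so it has no point at which to say "revoked".
    """
    try:
        body, sig = token.split(".")
        expected = hmac.new(KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None  # forged or altered token
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if now >= claims["exp"]:
        return None  # expiry is the only thing that ends validity
    return claims


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    token = issue("client-a", t0)
    print(verify(token, t0 + 10))    # accepted: claims returned
    print(verify(token, t0 + 3600))  # rejected: expired
```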