You are working in a project where users from an external company have editing access to documents, files, and diagrams. Now the project is finished, and these users no longer need to access those resources. You therefore want to revoke the access tokens of these users. Either the resource owner or an administrator performs this task.
If you use OAuth 2.0 for authentication, access tokens are issued for various users on a regular basis, for example, daily. The tokens can be issued in a SAML bearer assertion flow or in an authorization code flow. The transactions for token context revocation enable a user to filter, display, and revoke access tokens. The following transactions are available:
OAuth 2.0 Token Context Revocation for resource owners (transaction SOAUTH2_REVOCATION)
OAuth 2.0 Token Context Revocation for administrators (transaction SOAUTH2_REVOKE_ADM)
The transactions enable you to see the following items:
| Item | Description |
| --- | --- |
| User | User who issued the access token |
| Type | Type of access token, for example, authorization code |
| Creation date | Creation date of the access token |
| Creation time | Creation time of the access token |
| Expiration date | Expiration date of the access token |
| Expiration time | Expiration time of the access token |
| Scopes | OAuth 2.0 scopes with a link with which you can display the scopes assigned to the selected token context |
| OAuth 2.0 Scope ID | OAuth 2.0 scope ID granted by the resource owner |
| OAuth 2.0 Scope Description | Description entered by the resource owner. This should list the resources. |
For more information, see Revoking an OAuth 2.0 Token and Configuring OAuth 2.0 Token Context Revocation.