Enabling and Disabling Clients
If you want to temporarily disable access to resources for all the access tokens issued to a registered client, you can disable that client. When you disable a client, the introspection endpoint (pub.oauth:introspectToken) returns "active=false" for all tokens issued to the client. This causes the resource server to deny access to requests that use one of the disabled client's tokens.
Note: The watt.server.oauth.disableClient.disableTokens server configuration parameter controls whether or not the OAuth introspection endpoint, the
pub.oauth:introspectToken service, considers whether a client account is disabled or enabled when determining if an access token is active. When watt.server.oauth.disableClient.disableTokens is set to true, the
pub.oauth:introspectToken service considers the token to be inactive if the client account to which the token was issued is disabled. When set to false, the
pub.oauth:introspectToken service does not consider the enabled/disabled state of the client account to which the access token was issued when evaluating an access token. For more information about watt.server.oauth.disableClient.disableTokens, see
watt.server./
Complete the following steps to enable or disable a registered client.
To enable or disable a client
1. Open the Integration Server Administrator if it is not already open.
2. In the Security menu of the Navigational Panel, click OAuth.
3. Click Client Registration.
4. Under the Active column of the Registered Clients list, select one of the following:
Click | To |
No | Enable a client. |
Yes | Disable a client. |
5. When prompted to confirm that you want to enable or disable the registered client, click OK.