OAuth2 Client Revocation Policy
After an OAuth2 client access token is generated, a user may want to revoke it, either because it has been compromised in some way or because the user no longer wants to use it.
When a consumer requests revocation of an OAuth2 client through API-Portal, CentraSite internally triggers an OAuth2 Client Revocation policy for the API. The policy revokes the OAuth2 client, and then notifies the consumer that the requested client is revoked and no longer available for accessing the API.
Object Scope
OAuth2 Client
Event Scope
OnTrigger
Policy Actions
The OAuth2 Client Revocation policy includes the following built-in actions:
* Revoke OAuth2 Client - Revokes an existing OAuth2 client of the API.
  Input Parameters
  None.
* Create Auditable Events - Creates an audit log record about the revocation of the OAuth2 client.
* Send Email Notification - Sends an email message to the consumer who requested OAuth2 client revocation through API-Portal.
Note: If the OAuth2 client cannot be revoked, the API provider is informed through the configured email.
For more information about configuring the parameters for built-in actions, see the CentraSite Developer’s Guide.
Copyright © 2005-2015 Software AG, Darmstadt, Germany.
