
How to revoke auth token in spring security?

In the logout controller I tried to write a lot of combinations of code. Now I have this:

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

// request and response are the HttpServletRequest / HttpServletResponse of the logout call
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();

if (auth != null) {
    // Invalidates the HTTP session and clears the SecurityContext of this request only
    new SecurityContextLogoutHandler().logout(request, response, auth);
    auth.setAuthenticated(false);
}

SecurityContextHolder.getContext().setAuthentication(null);

But after executing the provided code the token is still valid.

What am I doing wrong? How can I revoke the token?

gstackoverflow asked Feb 24 '14 15:02



2 Answers

The class you're looking for is DefaultServices, method revokeToken(String tokenValue).

Here is an example of a controller that revokes a token, and here is the OAuth2 configuration with the DefaultServices bean.

raonirenosto answered Sep 26 '22 07:09


If you need to revoke a token for another user than the current one (e.g. an admin wants to disable a user account), you can use this:

// All access tokens the store holds for this client/user pair
Collection<OAuth2AccessToken> tokens = tokenStore.findTokensByClientIdAndUserName(
        "my_oauth_client_id",
        user.getUsername());
for (OAuth2AccessToken token : tokens) {
    // Removes the access token (and its linked refresh token) from the store
    consumerTokenServices.revokeToken(token.getValue());
}

With tokenStore being an org.springframework.security.oauth2.provider.token.TokenStore and consumerTokenServices being an org.springframework.security.oauth2.provider.token.ConsumerTokenServices.

Wim Deblauwe answered Sep 25 '22 07:09
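The two revocation paths the answers describe, put together in one added example that is not code from the question or from either answer: revoking the bearer token that authenticated the current request (the logout case the question asks about), and revoking every token issued to a client/user pair (the admin case in the second answer). The class name TokenRevocationService and its method names are hypothetical; it assumes the application already wires a TokenStore and a ConsumerTokenServices bean (DefaultTokenServices configured with setTokenStore() pointing at that same store) in its authorization-server configuration.

```java
import java.util.Collection;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.ConsumerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * Hypothetical helper (added example, not from the page). Clearing the SecurityContext
 * only forgets the authentication for the current thread; the token stays valid until it
 * is removed from the TokenStore, which is what ConsumerTokenServices.revokeToken() does.
 */
public class TokenRevocationService {

    private final TokenStore tokenStore;
    private final ConsumerTokenServices tokenServices;

    // Both collaborators are assumed to be Spring beans backed by the same TokenStore
    public TokenRevocationService(TokenStore tokenStore, ConsumerTokenServices tokenServices) {
        this.tokenStore = tokenStore;
        this.tokenServices = tokenServices;
    }

    /** Revokes the bearer token that authenticated the current request; false if there is none. */
    public boolean revokeCurrentToken() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (!(auth instanceof OAuth2Authentication)) {
            return false; // not a token-authenticated request (form login, anonymous, ...)
        }
        Object details = auth.getDetails();
        if (!(details instanceof OAuth2AuthenticationDetails)) {
            return false; // the bearer filter did not attach the token value
        }
        String tokenValue = ((OAuth2AuthenticationDetails) details).getTokenValue();
        // Removes the access token and its linked refresh token from the store
        boolean revoked = tokenServices.revokeToken(tokenValue);
        // Also drop the thread-local context so nothing later in this request reuses it
        SecurityContextHolder.clearContext();
        return revoked;
    }

    /** Revokes every access token issued to clientId for username; returns how many were removed. */
    public int revokeAllTokensForUser(String clientId, String username) {
        Collection<OAuth2AccessToken> tokens =
                tokenStore.findTokensByClientIdAndUserName(clientId, username);
        int revoked = 0;
        for (OAuth2AccessToken token : tokens) {
            if (tokenServices.revokeToken(token.getValue())) {
                revoked++;
            }
        }
        return revoked;
    }

    /** Check to run after revocation: true only if the store still accepts the token value. */
    public boolean isTokenActive(String tokenValue) {
        OAuth2AccessToken token = tokenStore.readAccessToken(tokenValue);
        return token != null && !token.isExpired();
    }
}
```

Call revokeCurrentToken() from the logout endpoint instead of only clearing the SecurityContext, and revokeAllTokensForUser() from the admin flow that disables an account. isTokenActive() is the check worth adding to an integration test: a token value that was valid before logout must return false afterwards, which is exactly what the question's original code failed to achieve.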