doc: clarify token revocation #2749
Conversation
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187128281 The labels on this github issue will be updated when the story is started. |
There was a problem hiding this comment.
Maybe could you start the section by saying something like
Both access and refresh tokens can potentially be revoked
and add 2 subsections for each token type?
Sorry if I'm too nit-picky, I think that it's important to be precise and clear so that readers can't misunderstand what we are trying to explain.
But I technically agree with everything you wrote.
peterhaochen47
force-pushed
the
pr/develop/improve-token-revocation-docs
branch
from
cf91ed0 to
a9bcdc7
Compare
[#177045463] Co-authored-by: Peter Chen <[email protected]>
[#177045463] Co-authored-by: Peter Chen <[email protected]>
peterhaochen47
force-pushed
the
pr/develop/improve-token-revocation-docs
branch
from
a9bcdc7 to
e072ab3
Compare
[#177045463]
| Refresh tokens in any format can be revoked using the "Revoke all tokens for a user" endpoint (``/oauth/token/revoke/user/{userId}``), | ||
| the "Revoke all tokens for a client" endpoint (``/oauth/token/revoke/client/{clientId}``), or | ||
| the "Revoke all tokens for a user and client combination" endpoint (``/oauth/token/revoke/user/{userId}/client/{clientId}``). | ||
|
|
There was a problem hiding this comment.
Maybe link to the API docs could be useful for all the different endpoints?
There was a problem hiding this comment.
I find that more than trivial to execute, but please feel free to make further improvements to the doc yourself.
Thanks! Yes, one issue filed here: cloudfoundry/uaa-release#813 |
No description provided.