Is there a way to programmatically revoke all user-generated tokens for a service user?

I saw some endpoints in the Multipass internal API, but from my understanding those are locked down for FE use. This is for killing off restricted tokens in the break-the-glass case, or when we kill off a connection to a remote system.

Adil B
ataheri

1 Answer

If this is just for a one-off break-the-glass scenario, feel free to use internal APIs. You probably want the getTokens and revokeToken endpoints.

Reminder: Restricted tokens are not user-generated tokens. And restricted tokens should have very short lifetimes (ideally 1 hour or less) so revoking them shouldn’t really be a concern.

ataheri
    This answer would benefit from an explanation of "how" to use the endpoints you reference, since that's what you are asking in the question, rather than just pointing out which endpoints _might work_. – TylerH Feb 24 '22 at 15:14