IDAAS core
Getting started with the OneWelcome Identity Platform
Events
IDAAS core - Access
- Securing resources
- Client authentication methods
- Client application configuration
  - Scope configuration
  - Identity providers
  - Resource gateway configuration
  - Scopes API
  - Scope Verification Service
  - Identity provider API
  - Protected data in single-page apps
- OAuth 2.0 and OpenID Connect
  - OpenID Connect
  - OpenID Connect authentication
  - OpenID Connect scopes and claims
  - User claims and attributes
  - OpenID provider configuration
  - ID token encryption
  - Web clients
    - Resource owner password credentials
    - Uniquely identify guests
    - Migration of web clients with hashed secrets
    - Web clients API
  - Tokens
    - Access tokens
    - ID tokens
    - Refresh tokens
    - Access token API
    - Token introspection API
  - iFrame session monitoring
    - Relying party iFrame
    - End session API
    - Session management APIs
  - Relying party examples
  - OAuth endpoints
  - OAuth configuration
  - Discovery API
  - JSON Web Key Set API
  - User information API
  - OAuth consent API
- Custom authenticators
- General system properties
  - Configure system features
  - Session configuration
  - CORS support
  - Extension engine properties
  - SAML service provider configuration
  - API clients API
  - Responsible disclosure policy
- Access events
  - Audit events
  - Audit log
  - Events API
  - Security events
- Web hooks
  - Web hooks configuration API
- User session API
IDAAS core - Tulip
- Tenants and brands
- Identity store and data model
  - SCIM API
  - SCIM schemas
  - SCIM user management
  - SCIM user attributes
  - SCIM API versions
- Credential store
  - Email address management
  - Password management
  - Password policies
- OAuth 2.0 and OpenID Connect
  - OAuth 2.0 and OpenID Connect setup
  - Device flow
  - OAuth client authentication methods
  - Proof Key for Code Exchange
  - Step-up authentication
  - OAuth 2.0 and OpenID Connect API
  - Dynamic client registration API
  - OAuth OIDC error handling
- Account lockout
- Session management
- Event store
- API rules
- Reports
- Email overview
Authentication
- Authentication FAQ
- Password migration

Access token API

The access token API provides access token management capabilities. The token endpoints are only accessible with valid API client credentials. A web application can use these endpoints to list or delete active tokens for a specific user. For example, the web application can show the user a list of devices with authenticated sessions, and allow the user to revoke access for a device (by deleting the corresponding token).

List access tokens

Endpoint: GET /oauth/api/v1/users/{userId}/tokens

Parameter	Description
`userId`	User identifier

This endpoint requires basic authentication, using the API client credentials. If the user does not exist, or if the user has no valid access tokens, a 404 Not Found message is returned. If the user has one or more valid tokens, an array is returned with the following attributes.

Attribute	Description
`id`	UUID identifying the token.
`client_name`	Name specified for the client that has access to the user's resources via this token.
`device_name`	Name of the device that this token is granted to. It might be not present, because this attribute only contains a value if there is a dynamically registered client.
`created_at`	Timestamp of the moment the access token was created.
`scopes`	String array with scopes that were granted for this access token.
`type`	The authentication method to be used with this access token.
`refresh_token_issued`	Indicates whether a refresh token has been issued alongside the access token.
`expired`	Indicates whether the access token has expired. Tokens without an issued refresh token are omitted from the response after they expire.

Example response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "tokens": [
    {
      "id": "7d507b7e-6221-4f06-a75e-ef6e6f06d32b",
      "client_name": "Client X",
      "device_name": "my iPad",
      "created_at": 1381322054000,
      "scopes": [
        "email",
        "profile"
      ],
      "type":"DEFAULT",
      "refresh_token_issued": true,
      "expired": false
    },
    {
      "id": "1c05119e-21b2-4905-bc93-8f67790a16d6",
      "client_name": "Client Y",
      "created_at": 1381321302000,
      "scopes": [
        "email"
      ],
      "type":"FINGER_PRINT",
      "refresh_token_issued": true,
      "expired": false
    }
  ]
 }

Example error response

{
  "error": "No tokens found"
}

Delete or revoke access token

Endpoint: DELETE /oauth/api/v1/users/{userId}/tokens/{tokenId}

Parameter	Description
`userId`	Identifier of the user
`tokenId`	Identifier of the access token

This endpoint requires basic authentication, using the API client credentials. This endpoint returns a 204 No Content message regardless of whether the user or token existed before deletion.

Access token API

List access tokens

Delete or revoke access token

On this page

Suggest A Change