OAuth


OAuth

Robert Morschel
Hi,

We're currently running OpenAM v12 and are looking for a mechanism to enable users to revoke OAuth application consents. We follow the OAuth server-side authentication so "user" is the end user and not the "OAuth client" server app.

One option appears to be via the self-service dashboard:  https://backstage.forgerock.com/#!/docs/openam/12.0.0/release-notes/chap-whats-new  (see section Authorized Application Management)

To try this out I grant an application access to my user account which subsequently obtains an access and refresh token. I then log into the OpenAM console with my user credentials where I can see the dashboard with an empty section "MyApplications". However, there isn't a section "Authorized Apps", or any applications.

Any suggestions on what needs to be done?

Many thanks
Robert Morschel
The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44(020 7896 0011) and then delete the email and any copies of it. Opinions, conclusion (etc) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG is a trading name of IG Markets Limited (a company registered in England and Wales, company number 04008957) and IG Index Limited (a company registered in England and Wales, company number 01190902). Registered address at Cannon Bridge House, 25 Dowgate Hill, London EC4R 2YA. Both IG Markets Limited (register number 195355) and IG Index Limited (register number 114059) are authorised and regulated by the Financial Conduct Authority.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

OAuth

Robert Morschel
Hi,

We are planning to use OpenAM (v12) OAuth and have prototyped the basic flow where consent is granted by a customer of ours to a 3rd party application. What is not clear, however, is how we implement the revoking of this consent. Is there an API for this?

Regards,
Robert Morschel



Re: OAuth

Cyril Grosjean-2
RFC 7009 (https://tools.ietf.org/html/rfc7009) is about OAuth 2 token
revocation.
It's implemented from OpenAM 13.5.

Another way of managing consents (and the ability to revoke them and the
relevant tokens) is the UMA protocol, which relies on OAuth 2 tokens.
I don't know your exact use cases; it may not be relevant, but still good
to know at least.

But support of UMA requires OpenAM 13 at least.
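
The RFC 7009 revocation exchange mentioned in the last reply, as an added example that is not part of the original thread and is not OpenAM code: it builds the revocation request and maps the server's response to what the client should do next. The endpoint URL, client credentials and token values are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import quote, urlencode
from urllib.request import Request

# Assumption: placeholder URL, not OpenAM's documented endpoint path.
REVOCATION_ENDPOINT = "https://am.example.com/oauth2/revoke"


def build_revocation_request(token, client_id, client_secret,
                             hint="refresh_token", endpoint=REVOCATION_ENDPOINT):
    """RFC 7009 section 2.1: form-encoded POST over TLS with client authentication."""
    if not endpoint.lower().startswith("https://"):
        raise ValueError("revocation endpoint must use TLS")
    if hint not in ("access_token", "refresh_token"):
        raise ValueError("unknown token_type_hint")
    # Revoking the refresh token stops further refreshes; per RFC 7009 the
    # server SHOULD also invalidate access tokens from the same grant.
    body = urlencode({"token": token, "token_type_hint": hint}).encode("ascii")
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    basic = base64.b64encode(creds.encode("ascii")).decode("ascii")
    return Request(endpoint, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",
    })


def interpret_revocation_response(status, body=b"", retry_after=None):
    """Map a revocation response to a client action (RFC 7009 section 2.2)."""
    if status == 200:
        # Also returned for unknown or already-invalid tokens: the token is
        # unusable either way, so the client discards its stored copy.
        return "revoked"
    if status == 503:
        # The token must be assumed to still exist; retry later.
        return f"retry:{retry_after}" if retry_after else "retry"
    try:
        error = json.loads(body or b"{}").get("error", "")
    except (ValueError, AttributeError):
        error = ""
    if error == "unsupported_token_type":
        return "unsupported_token_type"  # server cannot revoke this token kind
    if error == "invalid_client" or status == 401:
        return "client_auth_failed"      # nothing was revoked
    return "failed"


if __name__ == "__main__":
    req = build_revocation_request("constructed-refresh-token", "demo-client", "demo-secret")
    print(req.get_method(), req.full_url, req.data.decode())
```

Send the request with `urllib.request.urlopen(req)` and pass the status, body and `Retry-After` header to `interpret_revocation_response`.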