IBM Security Verify

  • 1.  Revoke all tokens for user

    Posted Mon July 27, 2020 09:37 AM
    Hi Community,

    I want to manage the session for the user who is using the OAuth token. So I will not allow users to get more than one token. How can you deal with this situation?

    Thanks

    ------------------------------
    mohamed ghonem
    ------------------------------


  • 2.  RE: Revoke all tokens for user

    Posted Mon July 27, 2020 09:49 AM
    Hi Mohamed,

    There is an option called rate limit in the pretoken info map. You can use it to limit the number of tokens that the user can have per time period.

    ------------------------------
    Hossam Shebl
    ------------------------------



  • 3.  RE: Revoke all tokens for user

    Posted Fri August 07, 2020 08:15 AM
    Hi,
    Did you have a look at the PreToken script?
    /**
     * Limit the number of tokens per user per client.
     *
     * The code enforces a maximum for the number of grants allowed on a per 
     * user per client basis.
     *
     * To change the limit, set the variable "max_oauth_grants_per_user_per_client"
     * to an integer value. The default limit is 20.
     *
     * Two algorithms are implemented in this mapping rule:
     *     1) Strictly enforce the limit.
     *     2) When the limit is reached, remove the least recently used token(s)
     *        for the user per client.
     *
     * The algorithm that strictly enforces the limit is the default.
     *
     * The algorithm being used is controlled by the variables "limit_method", set
     * it to "strict" or "lru".
     *
     * To disable limiting the number of tokens allowed, change the
     * "limit_oauth_grants_per_user_per_client" variable to "false".
     */


    ------------------------------
    -------------------
    Emmanuel Fauconnier
    9.0.7.1
    -------------------
    ------------------------------
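
The two limiting methods described in the PreToken script comment above, as an added stand-alone sketch that is not IBM's mapping rule and not part of the original posts. Only the three setting names come from that comment; the in-memory grant store and the functions `makeLimiter`, `issue`, `touch` and `active` are hypothetical.

```javascript
// Added illustration, not the product's PreToken rule. The grant store and
// function names are hypothetical; the setting names are from the comment.
function makeLimiter(settings) {
  const cfg = Object.assign({
    limit_oauth_grants_per_user_per_client: true,
    max_oauth_grants_per_user_per_client: 20, // default stated in the comment
    limit_method: "strict",                   // "strict" or "lru"
  }, settings);
  const grants = new Map(); // [user, client] key -> [{ id, lastUsed }]
  let clock = 0;            // logical clock keeps the sample deterministic

  function list(user, client) {
    const key = JSON.stringify([user, client]);
    if (!grants.has(key)) grants.set(key, []);
    return grants.get(key);
  }

  return {
    // A new grant is requested for this user on this client.
    issue(user, client, id) {
      const held = list(user, client);
      const revoked = [];
      if (cfg.limit_oauth_grants_per_user_per_client) {
        const max = cfg.max_oauth_grants_per_user_per_client;
        // Anything other than "lru" is treated as strict (fail closed).
        if (held.length >= max && (cfg.limit_method !== "lru" || max < 1)) {
          return { issued: false, revoked }; // refuse; existing grants stay
        }
        // lru: revoke least recently used grants until there is room.
        held.sort((a, b) => a.lastUsed - b.lastUsed);
        while (held.length >= max) revoked.push(held.shift().id);
      }
      held.push({ id, lastUsed: ++clock });
      return { issued: true, revoked };
    },
    // A token belonging to the grant was used.
    touch(user, client, id) {
      const g = list(user, client).find((x) => x.id === id);
      if (g) g.lastUsed = ++clock;
    },
    active(user, client) {
      return list(user, client).map((g) => g.id).sort();
    },
  };
}
```

With the maximum set to 1, "strict" refuses a second grant while the first is still held, and "lru" issues the new grant and revokes the older one.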