...

DELETE http://{domain}/_admin/manage/tenants/tenant256/tokens/53dfb96dc6d5b9cacd174e3649cba6d5
Authorization: Basic Z2NhcmxpbjpmdW5ueQ==

The Gateway returns a Set-Cookie header that clears your token cookie if you delete a token while using that same token to authenticate the request. This is useful when implementing logout pages for web browsers.

...

Note

The operation must be authenticated either by the token in a Cookie header or by a valid user name and password in an Authorization header when the token is given in the URI path. The audit log reflects the name of the user who owns the token if the cookie is used, or the name of the authenticated user if HTTP Basic authentication is used.
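The two authentication paths and the cookie-clearing rule described above, as an added in-memory model (not the Gateway's own code). The cookie name `token`, the `TokenStore` class and the audit tuple shape are assumptions; the token id and Basic credentials are the ones in the DELETE request shown on this page.

```python
import base64
import hmac

COOKIE_NAME = "token"  # assumed cookie name; the page does not name the cookie
# Constructed sample state. Token id and Basic credentials are those shown in the
# page's DELETE request (Z2NhcmxpbjpmdW5ueQ== decodes to gcarlin:funny).
SAMPLE_TOKENS = {"53dfb96dc6d5b9cacd174e3649cba6d5": "gcarlin"}
SAMPLE_USERS = {"gcarlin": "funny"}


class TokenStore:
    """In-memory model of the gateway's token-deletion behaviour (not its code)."""

    def __init__(self, tokens, users):
        self.tokens = dict(tokens)  # token id -> owning user
        self.users = dict(users)    # user -> password, for HTTP Basic
        self.audit = []             # (action, token id, user name) entries

    def _authenticate(self, headers):
        """Return (user, token used for auth); token is None for Basic auth."""
        auth = headers.get("Authorization", "")
        if auth.startswith("Basic "):
            try:
                creds = base64.b64decode(auth[6:], validate=True).decode()
            except (ValueError, UnicodeDecodeError):
                return None, None
            user, _, password = creds.partition(":")
            ok = user in self.users and hmac.compare_digest(self.users[user].encode(), password.encode())
            return (user, None) if ok else (None, None)
        for part in headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == COOKIE_NAME and value in self.tokens:
                return self.tokens[value], value  # cookie: audit names the owner
        return None, None

    def delete_token(self, token_id, headers):
        """Handle DELETE .../tokens/{token_id}; returns (status, response headers)."""
        user, auth_token = self._authenticate(headers)
        if user is None:
            return 401, {"WWW-Authenticate": 'Basic realm="gateway"'}
        if token_id not in self.tokens:
            return 404, {}
        del self.tokens[token_id]
        self.audit.append(("token.delete", token_id, user))
        resp_headers = {}
        if auth_token == token_id:  # the call deleted the token that authenticated it
            resp_headers["Set-Cookie"] = f"{COOKIE_NAME}=; Max-Age=0; Path=/; HttpOnly"
        return 204, resp_headers
```

A deleted token no longer authenticates, so a second DELETE with the same cookie is rejected with 401 rather than 404.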

...

The Gateway allows unexpired tokens to keep working for locked accounts because identity management systems are poor at signalling that an account has been locked. For a removed account, the token stops working as soon as it expires from the cache.

...

  1. Standardize on an attribute, within one of the schemas that apply to the user record, that enabled user accounts always have set to a known value.

  2. Design a test for the value. 

    Tip

    Although you can use a negative test to find disabled accounts, there is less risk of mistakes with the affirmative method (attribute is value).

    Use the pwdPolicy schema with the pwdLockout attribute, and use the userFilter to require the pwdLockout attribute to be true.

...