[DOCS] Corrected API path for invalidate token and SSL certificate examples (#39530)
This commit is contained in:
Lisa Cawley
lcawl
parent
e2b88bc706
commit
efd7003ea9
|
|
@ -92,6 +92,7 @@ buildRestTests.docs = fileTree(projectDir) {
|
|||
exclude 'build'
|
||||
// These file simply doesn't pass yet. We should figure out how to fix them.
|
||||
exclude 'en/watcher/reference/actions.asciidoc'
|
||||
exclude 'en/rest-api/security/ssl.asciidoc'
|
||||
}
|
||||
|
||||
Map<String, String> setups = buildRestTests.setups
|
||||
|
|
|
|||
|
|
@ -22,7 +22,8 @@ can no longer be used. That time period is defined by the
|
|||
The refresh tokens returned by the <<security-api-get-token,get token API>> are
|
||||
only valid for 24 hours. They can also be used exactly once.
|
||||
|
||||
If you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.
|
||||
If you want to invalidate one or more access or refresh tokens immediately, use
|
||||
this invalidate token API.
|
||||
|
||||
|
||||
==== Request Body
|
||||
|
|
@ -31,26 +32,56 @@ The following parameters can be specified in the body of a DELETE request and
|
|||
pertain to invalidating tokens:
|
||||
|
||||
`token` (optional)::
|
||||
(string) An access token. This parameter cannot be used any of `refresh_token`, `realm_name` or
|
||||
`username` are used.
|
||||
(string) An access token. This parameter cannot be used any of `refresh_token`,
|
||||
`realm_name` or `username` are used.
|
||||
|
||||
`refresh_token` (optional)::
|
||||
(string) A refresh token. This parameter cannot be used any of `refresh_token`, `realm_name` or
|
||||
`username` are used.
|
||||
(string) A refresh token. This parameter cannot be used any of `refresh_token`,
|
||||
`realm_name` or `username` are used.
|
||||
|
||||
`realm_name` (optional)::
|
||||
(string) The name of an authentication realm. This parameter cannot be used with either `refresh_token` or `token`.
|
||||
(string) The name of an authentication realm. This parameter cannot be used with
|
||||
either `refresh_token` or `token`.
|
||||
|
||||
`username` (optional)::
|
||||
(string) The username of a user. This parameter cannot be used with either `refresh_token` or `token`
|
||||
(string) The username of a user. This parameter cannot be used with either
|
||||
`refresh_token` or `token`
|
||||
|
||||
NOTE: While all parameters are optional, at least one of them is required. More specifically, either one of `token`
|
||||
or `refresh_token` parameters is required. If none of these two are specified, then `realm_name` and/or `username`
|
||||
need to be specified.
|
||||
NOTE: While all parameters are optional, at least one of them is required. More
|
||||
specifically, either one of `token` or `refresh_token` parameters is required.
|
||||
If none of these two are specified, then `realm_name` and/or `username` need to
|
||||
be specified.
|
||||
|
||||
==== Examples
|
||||
|
||||
The following example invalidates the specified token immediately:
|
||||
For example, if you create a token using the `client_credentials` grant type as
|
||||
follows:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
POST /_security/oauth2/token
|
||||
{
|
||||
"grant_type" : "client_credentials"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// CONSOLE
|
||||
// TEST
|
||||
|
||||
The get token API returns the following information about the access token:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
{
|
||||
"access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
|
||||
"type" : "Bearer",
|
||||
"expires_in" : 1200
|
||||
}
|
||||
--------------------------------------------------
|
||||
// CONSOLE
|
||||
// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
|
||||
|
||||
This access token can now be immediately invalidated, as shown in the following
|
||||
example:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
|
|
@ -59,57 +90,97 @@ DELETE /_security/oauth2/token
|
|||
"token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
// CONSOLE
|
||||
// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
|
||||
// TEST[continued]
|
||||
|
||||
whereas the following example invalidates the specified refresh token immediately:
|
||||
If you used the `password` grant type to obtain a token for a user, the response
|
||||
might also contain a refresh token. For example:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
POST /_security/oauth2/token
|
||||
{
|
||||
"grant_type" : "password",
|
||||
"username" : "test_admin",
|
||||
"password" : "x-pack-test-password"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// CONSOLE
|
||||
// TEST
|
||||
|
||||
The get token API returns the following information:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
{
|
||||
"access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
|
||||
"type" : "Bearer",
|
||||
"expires_in" : 1200,
|
||||
"refresh_token": "vLBPvmAB6KvwvJZr27cS"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// CONSOLE
|
||||
// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
|
||||
// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/]
|
||||
|
||||
The refresh token can now also be immediately invalidated as shown
|
||||
in the following example:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
DELETE /_security/oauth2/token
|
||||
{
|
||||
"refresh_token" : "movUJjPGRRC0PQ7+NW0eag"
|
||||
"refresh_token" : "vLBPvmAB6KvwvJZr27cS"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
// CONSOLE
|
||||
// TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/]
|
||||
// TEST[continued]
|
||||
|
||||
The following example invalidates all access tokens and refresh tokens for the `saml1` realm immediately:
|
||||
The following example invalidates all access tokens and refresh tokens for the
|
||||
`saml1` realm immediately:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
DELETE /_xpack/security/oauth2/token
|
||||
DELETE /_security/oauth2/token
|
||||
{
|
||||
"realm_name" : "saml1"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
// CONSOLE
|
||||
// TEST
|
||||
|
||||
The following example invalidates all access tokens and refresh tokens for the user `myuser` in all realms immediately:
|
||||
The following example invalidates all access tokens and refresh tokens for the
|
||||
user `myuser` in all realms immediately:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
DELETE /_xpack/security/oauth2/token
|
||||
DELETE /_security/oauth2/token
|
||||
{
|
||||
"username" : "myuser"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
// CONSOLE
|
||||
// TEST
|
||||
|
||||
Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in
|
||||
the `saml1` realm immediately:
|
||||
Finally, the following example invalidates all access tokens and refresh tokens
|
||||
for the user `myuser` in the `saml1` realm immediately:
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
DELETE /_xpack/security/oauth2/token
|
||||
DELETE /_security/oauth2/token
|
||||
{
|
||||
"username" : "myuser",
|
||||
"realm_name" : "saml1"
|
||||
}
|
||||
--------------------------------------------------
|
||||
// NOTCONSOLE
|
||||
// CONSOLE
|
||||
// TEST
|
||||
|
||||
A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number
|
||||
of tokens that had already been invalidated, and potentially a list of errors encountered while invalidating
|
||||
specific tokens.
|
||||
A successful call returns a JSON structure that contains the number of tokens
|
||||
that were invalidated, the number of tokens that had already been invalidated,
|
||||
and potentially a list of errors encountered while invalidating specific tokens.
|
||||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -78,12 +78,13 @@ node of {es}:
|
|||
|
||||
[source,js]
|
||||
--------------------------------------------------
|
||||
GET /_xpack/certificates
|
||||
GET /_ssl/certificates
|
||||
--------------------------------------------------
|
||||
// CONSOLE
|
||||
// TEST[skip:todo]
|
||||
// TEST
|
||||
|
||||
The API returns the following results:
|
||||
|
||||
[source,js]
|
||||
----
|
||||
[
|
||||
|
|
@ -116,4 +117,4 @@ The API returns the following results:
|
|||
}
|
||||
]
|
||||
----
|
||||
// NOTCONSOLE
|
||||
// NOTCONSOLE
|
||||
|
|
|
|||
Loading…
Reference in New Issue