Invalidate Session on Portal with rest address

560
4
Jump to solution
06-08-2020 01:27 AM
GuillaumeArnaud
New Contributor III

Hello,

I would like to invalidate the session and/or remove token of my user by using portal rest.

I see that i can navigate till this address https://<community-url>/users/<userName>/invalidateSessions but i can't see the adress call when i put the button to invalidate session.

I also try with https://<oauth2-url>/revokeToken but i have http 400 error : Invalid URL.

Could you held me to disconnect my users ?

Thanks

Guillaume ARNAUD

0 Kudos
1 Solution

Accepted Solutions
JeffSmith
Esri Contributor

Hi Guillaume,

What release of Portal for ArcGIS are you using?  The /sharing/rest/oauth2/revokeToken operation was added in 10.7.1 so anything older would return the 'Invalid URL' error message you are seeing.  Prior to 10.7.1, the oauth token could only be revoked by calling oauth2/signout.

Jeff

View solution in original post

4 Replies
JeffSmith
Esri Contributor

Hi Guillaume,

Both of those methods should work fine to invalidate tokens.  The urls just need to be adjusted to match your Portal url.

https://yourportal.domain.com/web_adaptor/sharing/rest/oauth2/revokeToken

and

https://yourportal.domain.com/web_adaptor/sharing/rest/community/users/<username>/invalidateSessions

Keep in mind that these only invalidate OAuth tokens.  They cannot be used to invalidate tokens created through the generateToken operation.

Jeff

GuillaumeArnaud
New Contributor III

Hi,

I need to revoke only one token of a specific app. I try to use https://yourportal.domain.com/web_adaptor/sharing/rest/oauth2/revokeToken (Revoke Token—ArcGIS REST API | ArcGIS for Developers ) but it doesn't match.

I call url in post in JAVA :

            String data = "";
            int i = 0;
            for ( Entry<String, String> entry : this.url_param.entrySet() ) {
                if ( i != 0 ) {
                    data += "&";
                }
                data += URLEncoder.encode( entry.getKey(), "UTF-8" ) + "=" + URLEncoder.encode( entry.getValue(), "UTF-8" );
                i += 1;
            }
            // création de la connection
            URL url = new URL( this.adress );
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setDoOutput( true );
            conn.setInstanceFollowRedirects( false );
            conn.setRequestMethod( "POST" );
            conn.setUseCaches( false );

            // envoi de la requête
            writer = new OutputStreamWriter( conn.getOutputStream(), "UTF-8" );
            writer.write( data );
            writer.flush();

            // lecture de la réponse
            reader = new BufferedReader( new InputStreamReader( conn.getInputStream(), "UTF-8" ) );
            String ligne;
            this.page = "";
            while ( ( ligne = reader.readLine() ) != null ) {
                this.page += ligne;
            }

The URL seems to be correct :

https://lacarto.ledepartement82.fr/portail/sharing/rest/oauth2/revokeToken

Parameters to :

{f=json, auth_token=<token>, client_id=<appId>}

but :
{error={code=400, messageCode=GWM_0002, details=[], message=Invalid URL}}

Could you help me ?

Thanks

Guillaume

0 Kudos
JeffSmith
Esri Contributor

Hi Guillaume,

What release of Portal for ArcGIS are you using?  The /sharing/rest/oauth2/revokeToken operation was added in 10.7.1 so anything older would return the 'Invalid URL' error message you are seeing.  Prior to 10.7.1, the oauth token could only be revoked by calling oauth2/signout.

Jeff

View solution in original post

GuillaumeArnaud
New Contributor III

Ok, i don't read this informations on help. We are in 10.6.1 so it's normal.

Need to update.

Thanks

0 Kudos