Invalidate a user session
Removes all the current access grants associated with the specified user. This operation removes all access tokens, refresh tokens, and refresh secrets issued to the user. Removing the access grants forces the user to re-authenticate should they attempt to exercise any of those grants.
Note that this endpoint doesn't remove access grants managed by other services, such as Single Sign-On or Hosted Login.
API client permissions
The following table indicates the API clients that can or can't be used to call this operation:
| owner | access_issuer | direct_access | direct_access_read | login_client |
|---|---|---|---|---|
| ✓ | ✓ | ✓ | ✗ | ✓ |
Authentication
This operation supports both Basic authentication (recommended) and janrain-signed authentication. See Get started for more information.
Base URL
The base URL for this operation is your Identity Cloud Capture domain; for example:
https://educationcenter.us-dev.janraincapture.com
Your Capture domain (also known as a Registration domain) can be found in Console on the Manage Application page.
Examples: Delete access grants
This command deletes all the access grants that reference the user with the uuid 2efede78-fdf7-4e38-9785-4a82de768b9f.
curl -X POST \
-H "Authorization: Basic c2dueXZ1czZwYzRqbTdraHIybmVxNWdzODlnYnIyZXE6d3Q0YzN1bjl3a2tjZnZ5a25xeDQ0eW5jNDc2YWZzNjg=" \
--data-urlencode type_name=user \
--data-urlencode uuid=2efede78-fdf7-4e38-9785-4a82de768b9f \
https://my-app.janraincapture.com/entity.deleteAccess
Example response
If your API call succeeds the response consists of the status ok:
{
"stat": "ok"
}
Query parameters
All parameters need to be configured as x-www-form-urlencoded body parameters.
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | string | ✗ | Unique identifier of the user account. Required if you aren't using the uuid or key_attribute parameters. |
| key_attribute | string | ✗ | Name of a unique attribute in the schema that can be used to identify the user account. Required if you aren't using the id or uuid parameters. |
| key_value | string | ✗ | Value for the attribute specified by the key_attribute parameter. For example, if key_attribute is set to email then key_value needs to be set to the email address of the user's whose session you're invalidating. Note that string values must be enclosed in quotes. |
| uuid | string | ✗ | Unique identifier of the user account. Required if you aren't using the id or key_attribute parameters. |
Updated almost 2 years ago