we are developing a SaaS service and we would like to implement a management of users’ API tokens. These tokens will be used by our users to authorize 3th party tools to access our API.
The goal is provide a functionality to create, revoke and see last usage of all user’s API tokens.
From Okta APIs seems to be best use this flow: Get a refresh token | Okta Developer
and really, we are able to generate and API token (refresh) token for our users.
Well, I have not found any useful Okta APIs for API token management. How to show a list of active tokens for current user? How to revoke a selected refresh token? How to get a last usage of a token?
I want to prevent storing refresh tokens in my database for security reasons. Could you suggest me how implement my usecases?