Revoke the access token using api okta restTemplate form batch

Questions
1

I need to revoke token okta form batch java , using restTemplat .
when I did the research sur okta dev , I found that must go through an API but the probleme
i"dont have okta_session_cookie , what I stored in the database at the time of connection is just the access token ,I am looking for a complete process to revoke the token, my point of entry is just the access token okta,

here is what i found

image
image1333×651 73.7 KB 

 HttpHeaders headers = new HttpHeaders();
    headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE);
    HttpEntity<?> entity = new HttpEntity(headers);
    UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(REVOKE_URL)
            .queryParam("token", tokenDetailsDto.getRefreshToken());
    LOGGER.info("used parameters:\n\turl={},\n\tentity={},\n\turiParameters={}", REVOKE_URL, entity);
    restTemplate.postForObject(builder.build().encode().toUri(), entity, Void.class);
2

@mohamedberrahal Can you pls try to test the API endpoint in postman first?

image
image1910×564 55.4 KB

You can import Okta postman collections via the below reference:
https://developer.okta.com/docs/reference/postman-collections/

3

Hi Lijia,

image
image1039×581 64.1 KB

4

I tried with this API too

image
image1361×723 143 KB

5

in my okta dashbord I have

image
image818×255 56 KB

6

@mohamedberrahal Did you manually add the client id in Body? Why not add it in the authorization tab?
What type of application you have?

7

Yes i add client id in the autorisation , bat the problem persiste

image
image993×546 78.6 KB

8

@mohamedberrahal It looks like your client id is not correct. Also, the two screens you attached earlier is not revoke token. One is get token and another one is delete current session.
I suggest you to open a support ticket through an email to support@okta.com. One of our dev support engineers will help you review this API issue.

9

Merci Lijia, I create new ticket in okta support :pray: :pray: :pray:

10

helloo Lijia,

on okta support he asks me to go through dev forum :sweat: :sweat:

image
image1148×680 57 KB

11

@mraible do you have any idea , thank you in advance for your return

12

As far as I know, access tokens can not be revoked, they just expire. That’s why we recommend having short-lived access tokens and long-lived refresh tokens.

13

ok thank you matt I understood, in other words I can do otherwise, to delete the user session via this API https://xxx.okta.com/api/v1/sessions/me ? as an entry point the 'access token no?
but I do not have the cookie session id, I am in a batch

14

It’s best to use our logout API when trying to end a user’s session.

We also have a guide that shows how to sign users out.

https://developer.okta.com/docs/guides/sign-users-out/react/sign-out-of-okta/

15

Yes, I see this example bat ,I have to do this from a java batch not a fornt application (like react angular) either , and the entry point that I have is the access token and the clientId : ‘0oaxxxxkkgkgxxx’ , really i’m blocking, if you have a proposal , thanks in advance matt

restTemplate.exchange( …

16

If you don’t have a ID Token, you can’t use the guides I suggested. I’d suggest having a short-lived access token instead. It’s possible there’s another technique, but I’m not familiar with it.