OCI Identity Cloud Service (IDCS) - Revoke Refresh Token for Public Client Applications
(Doc ID 2900771.1)
Last updated on JANUARY 09, 2024
Applies to:
Identity Cloud Service (IDCS) - Version N/A to N/AInformation in this document applies to any platform.
Symptoms
The business requirement is to revoke refresh tokens for Public (mobile) clients & confidential applications to address security requirements.
When a mobile application is integrated with Oracle Identity Cloud Service (IDCS) by OpenID Connect (3-legged), and the application is registered in Oracle Identity Cloud Service (IDCS) as a public application with clientid (no client secret), Oracle Identity Cloud Service (IDCS) provides a REST API for revoking Refresh Token that requires one of the following options:
The mobile application has only clientid, no client secret, and no administrator access token.
Changes
N/A
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |