Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Fixed
Fix Version/s: 2.5.3
Component/s: REST, SSO
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

Description

Request URIs:

DELETE /user/{username}/session
DELETE /user/{username}/session?exclude={token}

shall delete all sessions maintained for the specified user. This effectively logs them out everywhere.

If an exclude parameter is provided, presumably using the token in the current browser, then that session (if it exists) is excluded. If it does not exist, there is no error.

Response status:

404 Not Found - if the user does not exist
205 Reset Content - otherwise (and no body content is returned)

If you insist on maintain the terrible URI formats for user resources, they'll have to look like this:

DELETE /user/session?username={username}
DELETE /user/session?username={username}&exclude={token}

Attachments

Issue Links

has a derivative of

CWD-3057 Add an operation in the REST client to invalidate all tokens of a given user

Closed

is duplicated by

CWD-2958 Crowd to expose a REST API to clear a user's tokens

Closed

mentioned in: Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

Activity

People

Assignee:: joe

Reporter:: JoshA

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 17/Jul/2012 6:00 AM

Updated:: 19/Sep/2019 5:50 AM

Resolved:: 31/Oct/2012 11:46 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Not Specified

Logged:

22m