oltu-user mailing list archives

From Stein Welberg <st...@onegini.com>
Subject Re: Force re-authentication
Date Wed, 22 Apr 2015 05:38:59 GMT
Hi Jude,

Oltu does not support such a scenario because the scenario you are describing is not part
of the OAuth specification nor does it have anything to do with it :-). There are specifications
to revoke an access token [1]; as you already found out, Google allows you to do this. However,
it does not enforce the scenario you are looking for. I’m afraid you have to look for something
else because this is not standardised and therefore all providers have chosen a different
path.

I’m afraid you are on your own on this.

[1] https://tools.ietf.org/html/rfc7009

Met vriendelijke groet / Kind regards,

Stein Welberg | CTO

M: +31639110574 | stein@onegini.com | Pompmolenlaan 9, 3447 GK, Woerden | www.onegini.com



> On 21 Apr 2015, at 23:07, Tiburtius, Ashwanth [IWD] <Ashwanth.Tiburtius@iwd.iowa.gov> wrote:
> 
> Hi all,
> 
> I'm using Apache Oltu as OAuth library to authenticate users against Google, Yahoo and
> Microsoft. It has worked great. Within my application I need to ask the user to re-authenticate
> themselves before accessing certain pages. This is what I have found so far on this topic.
> 
> Google – lets you revoke access token using “https://accounts.google.com/o/oauth2/revoke?token=”.
> But this doesn’t force re-authentication by password entry but displays only the consent screen again.
> Yahoo – has no support for this. We have to log the user out using something like
> https://login.yahoo.com/config/login?logout=1.
> Microsoft – has URL “https://login.live.com/oauth20_logout.srf?client_id=CLIENT_ID&redirect_url=REDIRECT_URL”
> to support this behavior. I am in the process of testing it.
> 
> Does Oltu have any APIs related to this functionality? Has anyone tried to implement
> this? Any help is much appreciated. Thank you.
> 
> Regards,
> Jude.
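
Added example, not part of the original messages and not Oltu code: the token revocation request from RFC 7009 [1] that the reply points to, together with the server answers a client has to handle. The endpoint URL, token and client credentials are constructed sample values, and the function names are hypothetical; as Jude reports for Google, revoking a token brings back the consent screen rather than a password prompt.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed placeholder; a real provider publishes its own revocation endpoint.
REVOCATION_ENDPOINT = "https://as.example.com/oauth2/revoke"
TOKEN_HINTS = (None, "access_token", "refresh_token")


def build_revocation_request(token, client_id, client_secret, hint=None):
    """Return (url, headers, body) for the POST defined in RFC 7009 section 2.1."""
    if not token:
        raise ValueError("token is required")
    if hint not in TOKEN_HINTS:
        raise ValueError(f"unknown token_type_hint: {hint!r}")
    params = {"token": token}
    if hint:
        params["token_type_hint"] = hint
    # Confidential clients authenticate; HTTP Basic per RFC 6749 section 2.3.1,
    # with id and secret form-encoded before being joined and base64-encoded.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
    }
    return REVOCATION_ENDPOINT, headers, urlencode(params)


def interpret_revocation_response(status, error=None, retry_after=None):
    """Map the server's answer to the client's next step (RFC 7009 section 2.2)."""
    if status == 200:
        # Also returned for an invalid or already revoked token: either way
        # the token is unusable, so the local copy is dropped.
        return "discard_token"
    if status == 503:
        # The token must be assumed to still exist; retry after a delay.
        return f"retry_after:{retry_after}" if retry_after else "retry"
    if error == "unsupported_token_type":
        return "unsupported_token_type"
    if error == "invalid_client" or status == 401:
        return "fix_client_credentials"
    return "error"


if __name__ == "__main__":
    # Constructed sample token and client credentials.
    url, headers, body = build_revocation_request(
        "45ghiukldjahdnhzdauz", "s6BhdRkqt3", "gX1fBat3bV", "refresh_token")
    print("POST", url, headers, body, sep="\n")
    print(interpret_revocation_response(200))
```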

