我的书签
添加书签
移除书签Managing user-owned OAuth access tokens
- Listing user-owned OAuth access tokens
- Viewing the details of a user-owned OAuth access token
- Deleting user-owned OAuth access tokens
Users can review their own OAuth access tokens and delete any that are no longer needed.
Listing user-owned OAuth access tokens
You can list your user-owned OAuth access tokens. Token names are not sensitive and cannot be used to log in.
Procedure
List all user-owned OAuth access tokens:
$ oc get useroauthaccesstokens
Example output
NAME CLIENT NAME CREATED EXPIRES REDIRECT URI SCOPES<token1> openshift-challenging-client 2021-01-11T19:25:35Z 2021-01-12 19:25:35 +0000 UTC https://oauth-openshift.apps.example.com/oauth/token/implicit user:full<token2> openshift-browser-client 2021-01-11T19:27:06Z 2021-01-12 19:27:06 +0000 UTC https://oauth-openshift.apps.example.com/oauth/token/display user:full<token3> console 2021-01-11T19:26:29Z 2021-01-12 19:26:29 +0000 UTC https://console-openshift-console.apps.example.com/auth/callback user:full
List user-owned OAuth access tokens for a particular OAuth client:
$ oc get useroauthaccesstokens --field-selector=clientName="console"
Example output
NAME CLIENT NAME CREATED EXPIRES REDIRECT URI SCOPES<token3> console 2021-01-11T19:26:29Z 2021-01-12 19:26:29 +0000 UTC https://console-openshift-console.apps.example.com/auth/callback user:full
Viewing the details of a user-owned OAuth access token
You can view the details of a user-owned OAuth access token.
Procedure
Describe the details of a user-owned OAuth access token:
$ oc describe useroauthaccesstokens <token_name>
Example output
Name: <token_name> (1)Namespace:Labels: <none>Annotations: <none>API Version: oauth.openshift.io/v1Authorize Token: sha256~Ksckkug-9Fg_RWn_AUysPoIg-_HqmFI9zUL_CgD8wr8Client Name: openshift-browser-client (2)Expires In: 86400 (3)Inactivity Timeout Seconds: 317 (4)Kind: UserOAuthAccessTokenMetadata:Creation Timestamp: 2021-01-11T19:27:06ZManaged Fields:API Version: oauth.openshift.io/v1Fields Type: FieldsV1fieldsV1:f:authorizeToken:f:clientName:f:expiresIn:f:redirectURI:f:scopes:f:userName:f:userUID:Manager: oauth-serverOperation: UpdateTime: 2021-01-11T19:27:06ZResource Version: 30535Self Link: /apis/oauth.openshift.io/v1/useroauthaccesstokens/<token_name>UID: f9d00b67-ab65-489b-8080-e427fa3c6181Redirect URI: https://oauth-openshift.apps.example.com/oauth/token/displayScopes:user:full (5)User Name: <user_name> (6)User UID: 82356ab0-95f9-4fb3-9bc0-10f1d6a6a345Events: <none>
1 The token name, which is the sha256 hash of the token. Token names are not sensitive and cannot be used to log in. 2 The client name, which describes where the token originated from. 3 The value in seconds from the creation time before this token expires. 4 If there is a token inactivity timeout set for the OAuth server, this is the value in seconds from the creation time before this token can no longer be used. 5 The scopes for this token. 6 The user name associated with this token.
Deleting user-owned OAuth access tokens
The oc logout command only invalidates the OAuth token for the active session. You can use the following procedure to delete any user-owned OAuth tokens that are no longer needed.
Deleting an OAuth access token logs out the user from all sessions that use the token.
Procedure
Delete the user-owned OAuth access token:
$ oc delete useroauthaccesstokens <token_name>
Example output
useroauthaccesstoken.oauth.openshift.io "<token_name>" deleted
