Invalidate Token API
editInvalidate Token API
editInvalidate Token Request
editThe InvalidateTokenRequest
supports invalidating
- A specific token, that can be either an access token or a refresh token
- All tokens (both access tokens and refresh tokens) for a specific realm
- All tokens (both access tokens and refresh tokens) for a specific user
- All tokens (both access tokens and refresh tokens) for a specific user in a specific realm
Specific access token
editInvalidateTokenRequest invalidateTokenRequest = InvalidateTokenRequest.accessToken(accessToken);
Specific refresh token
editInvalidateTokenRequest invalidateTokenRequest = InvalidateTokenRequest.refreshToken(refreshToken);
All tokens for realm
editInvalidateTokenRequest invalidateTokenRequest = InvalidateTokenRequest.realmTokens("default_native");
All tokens for user
editInvalidateTokenRequest invalidateTokenRequest = InvalidateTokenRequest.userTokens("other_user");
All tokens for user in realm
editInvalidateTokenRequest invalidateTokenRequest = new InvalidateTokenRequest(null, null, "default_native", "extra_user");
Synchronous execution
editWhen executing a InvalidateTokenRequest
in the following manner, the client waits
for the InvalidateTokenResponse
to be returned before continuing with code execution:
InvalidateTokenResponse invalidateTokenResponse = client.security().invalidateToken(invalidateTokenRequest, RequestOptions.DEFAULT);
Synchronous calls may throw an IOException
in case of either failing to
parse the REST response in the high-level REST client, the request times out
or similar cases where there is no response coming back from the server.
In cases where the server returns a 4xx
or 5xx
error code, the high-level
client tries to parse the response body error details instead and then throws
a generic ElasticsearchException
and adds the original ResponseException
as a
suppressed exception to it.
Asynchronous execution
editExecuting a InvalidateTokenRequest
can also be done in an asynchronous fashion so that
the client can return directly. Users need to specify how the response or
potential failures will be handled by passing the request and a listener to the
asynchronous invalidate-token method:
The asynchronous method does not block and returns immediately. Once it is
completed the ActionListener
is called back using the onResponse
method
if the execution successfully completed or using the onFailure
method if
it failed. Failure scenarios and expected exceptions are the same as in the
synchronous execution case.
A typical listener for invalidate-token
looks like:
Invalidate Token Response
editThe returned InvalidateTokenResponse
contains the information regarding the tokens that the request
invalidated.
-
invalidatedTokens
-
Available using
getInvalidatedTokens
denotes the number of tokens that this request invalidated. -
previouslyInvalidatedTokens
-
Available using
getPreviouslyInvalidatedTokens
denotes the number of tokens that this request attempted to invalidate but were already invalid. -
errors
-
Available using
getErrors
contains possible errors that were encountered while attempting to invalidate specific tokens.
final List<ElasticsearchException> errors = invalidateTokenResponse.getErrors(); final int invalidatedTokens = invalidateTokenResponse.getInvalidatedTokens(); final int previouslyInvalidatedTokens = invalidateTokenResponse.getPreviouslyInvalidatedTokens();