Managing user-owned OAuth access tokens

    You can list your user-owned OAuth access tokens. Token names are not sensitive and cannot be used to log in.

    Procedure

    • List all user-owned OAuth access tokens:

      Example output

      2. <token1>   openshift-challenging-client   2021-01-11T19:25:35Z   2021-01-12 19:25:35 +0000 UTC   https://oauth-openshift.apps.example.com/oauth/token/implicit      user:full
      3. <token2>   openshift-browser-client       2021-01-11T19:27:06Z   2021-01-12 19:27:06 +0000 UTC   https://oauth-openshift.apps.example.com/oauth/token/display       user:full
      4. <token3>   console                        2021-01-11T19:26:29Z   2021-01-12 19:26:29 +0000 UTC   https://console-openshift-console.apps.example.com/auth/callback   user:full

    • Example output

      1. NAME       CLIENT NAME                    CREATED                EXPIRES                         REDIRECT URI                                                       SCOPES
      2. <token3>   console                        2021-01-11T19:26:29Z   2021-01-12 19:26:29 +0000 UTC   https://console-openshift-console.apps.example.com/auth/callback   user:full

    You can view the details of a user-owned OAuth access token.

    Procedure

    • Describe the details of a user-owned OAuth access token:

      1. Name:                        <token_name> (1)
      2. Namespace:
      3. Labels:                      <none>
      4. API Version:                 oauth.openshift.io/v1
      5. Authorize Token:             sha256~Ksckkug-9Fg_RWn_AUysPoIg-_HqmFI9zUL_CgD8wr8
      6. Client Name:                 openshift-browser-client (2)
      7. Expires In:                  86400 (3)
      9. Kind:                        UserOAuthAccessToken
      10. Metadata:
      11.   Creation Timestamp:  2021-01-11T19:27:06Z
      12.   Managed Fields:
      13.     API Version:  oauth.openshift.io/v1
      14.     Fields Type:  FieldsV1
      15.     fieldsV1:
      16.       f:authorizeToken:
      17.       f:clientName:
      18.       f:expiresIn:
      19.       f:scopes:
      20.       f:userName:
      22.     Manager:         oauth-server
      23.     Operation:       Update
      24.     Time:            2021-01-11T19:27:06Z
      25.   Resource Version:  30535
      26.   Self Link:         /apis/oauth.openshift.io/v1/useroauthaccesstokens/<token_name>
      27.   UID:               f9d00b67-ab65-489b-8080-e427fa3c6181
      28. Redirect URI:        https://oauth-openshift.apps.example.com/oauth/token/display
      29. Scopes:
      30.   user:full (5)
      31. User Name:  <user_name> (6)
      32. User UID:   82356ab0-95f9-4fb3-9bc0-10f1d6a6a345
      33. Events:     <none>

    The oc logout command only invalidates the OAuth token for the active session. You can use the following procedure to delete any user-owned OAuth tokens that are no longer needed.

    Deleting an OAuth access token logs out the user from all sessions that use the token.

    Procedure