Purpose
This web service (WS) deletes an existing approval, revoking the access that was granted to a client. Deleting the approval forces the client to re-request access from the user.
Key points
Only active approvals are returned.
Approvals are filtered by the user, based on the token details.
Approvals may be searched (e.g. by client name).
Specification
Authorization
Verify the validity of the access token; in case of error, return 401 (“Invalid access token”).
Verify that the token is not expired; in case of error, return 401 (“Invalid access token”).
Check that the user's scopes allow this action (scope = app:delete_pis); in case of invalid scope(s), return 403 (“Your scope does not allow to access this resource. Missing allowances: app:delete_pis”).
Validate request
Validate x-consumer-id (user)
Ensure that the x-consumer-id header is passed with the request; in case of error, return 401 ('Unauthorized').
Validate resource owner
Ensure that the requested resource belongs to the authenticated user (invoke Mithril.Rpc :app_by_id and check that user_id = x-consumer-id); in case of error, return 403 ('Forbidden').
Service logic
Delete approvals in Mithril
The service must operate only on the approvals that belong to the authenticated user.
Call Mithril to delete the requested approval and all associated active tokens:
Mithril.Api
Mithril.Rpc :delete_app
Blacklist approval
To blacklist the associated active access tokens in JWT format, add the key blacklist_app_id_<<approval_id>> to the redis database with TTL = AUTH_ACCESS_TOKEN_LIFETIME (config parameter).
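The whole chain above (authorization, request validation, delete, blacklist) as an added example, not Mithril's own code: a Python model of the service with in-memory stand-ins for Mithril.Rpc, the token store and redis. The Token and Approval field names, the FakeRedis class, run_scenarios, the sample data and the choice to answer 403 for a non-existent approval are assumptions; the check order, status codes, messages, scope name and redis key format are taken from the spec.

```python
# Added example, not Mithril's own code: the check chain of the "delete approval"
# service above, modelled in Python with in-memory stand-ins for Mithril.Rpc,
# the token store and redis. Token and approval field names are assumptions.
from dataclasses import dataclass

REQUIRED_SCOPE = "app:delete_pis"
AUTH_ACCESS_TOKEN_LIFETIME = 3600  # seconds; parameter named by the spec, value assumed

@dataclass
class Token:
    value: str
    user_id: str
    app_id: str  # approval (Mithril "app") the token was issued under
    scopes: frozenset
    expires_at: float
    active: bool = True

@dataclass
class Approval:
    id: str
    user_id: str

class FakeRedis:
    """Stand-in for the redis operations the blacklist needs: SETEX and EXISTS."""

    def __init__(self, now):
        self._now, self._store = now, {}

    def setex(self, key, ttl, value):
        self._store[key] = (value, self._now() + ttl)

    def exists(self, key):
        item = self._store.get(key)
        if item is not None and item[1] > self._now():
            return True
        self._store.pop(key, None)  # lazy expiry, like redis
        return False

def delete_approval(approval_id, bearer, headers, tokens, approvals, redis, now):
    """Return (status, body) in the spec's check order; every failure closes access."""
    # Authorization: token known and active, not expired, carries the scope
    token = tokens.get(bearer)
    if token is None or not token.active or token.expires_at <= now():
        return 401, "Invalid access token"
    if REQUIRED_SCOPE not in token.scopes:
        return 403, ("Your scope does not allow to access this resource. "
                     f"Missing allowances: {REQUIRED_SCOPE}")
    # Validate request: x-consumer-id must identify the user
    consumer_id = headers.get("x-consumer-id")
    if not consumer_id:
        return 401, "Unauthorized"
    # Validate resource owner (stands in for Mithril.Rpc :app_by_id). A missing
    # approval gets the same 403 as someone else's, so the response does not
    # reveal whether the id exists (assumption; the spec leaves this case open).
    approval = approvals.get(approval_id)
    if approval is None or approval.user_id != consumer_id:
        return 403, "Forbidden"
    # Service logic (stands in for Mithril.Rpc :delete_app): drop the approval
    # and deactivate every token issued under it.
    del approvals[approval_id]
    for t in tokens.values():
        if t.app_id == approval_id:
            t.active = False
    # Blacklist: an already-issued JWT stays cryptographically valid, so record
    # the revoked approval id for as long as such a token could still be alive.
    redis.setex(f"blacklist_app_id_{approval_id}", AUTH_ACCESS_TOKEN_LIFETIME, "1")
    return 204, None

def jwt_is_blacklisted(redis, app_id):
    """Check a resource server applies to a JWT's app id (assumed consumer of the key)."""
    return redis.exists(f"blacklist_app_id_{app_id}")

def run_scenarios():
    """Constructed sample data exercising every branch; returns {case: result}."""
    clock = [1_000_000.0]
    now = lambda: clock[0]
    redis = FakeRedis(now)
    approvals = {
        "appA": Approval("appA", user_id="u1"),
        "appB": Approval("appB", user_id="u2"),
    }
    tokens = {
        "good": Token("good", "u1", "appA", frozenset({REQUIRED_SCOPE}), now() + 600),
        "noscope": Token("noscope", "u1", "appA", frozenset({"app:read"}), now() + 600),
        "expired": Token("expired", "u1", "appA", frozenset({REQUIRED_SCOPE}), now() - 1),
    }
    hdr = {"x-consumer-id": "u1"}
    call = lambda app, tok, h: delete_approval(app, tok, h, tokens, approvals, redis, now)[0]
    r = {
        "unknown_token": call("appA", "nope", hdr),  # 401
        "expired": call("appA", "expired", hdr),     # 401
        "no_scope": call("appA", "noscope", hdr),    # 403
        "no_header": call("appA", "good", {}),       # 401
        "foreign": call("appB", "good", hdr),        # 403: appB belongs to u2
        "ok": call("appA", "good", hdr),             # 204
        "reuse": call("appA", "good", hdr),          # 401: token deactivated by the delete
    }
    r["blacklisted"] = jwt_is_blacklisted(redis, "appA")
    clock[0] += AUTH_ACCESS_TOKEN_LIFETIME + 1  # no pre-revocation JWT can outlive this
    r["blacklisted_later"] = jwt_is_blacklisted(redis, "appA")
    return r
```

Calling run_scenarios() walks every branch in the spec's order. The TTL equals AUTH_ACCESS_TOKEN_LIFETIME because a JWT issued before the revocation cannot be recalled and stays verifiable until its own expiry, which is at most that lifetime away; once the key has lived that long, no pre-revocation token can still be alive, so the entry can safely lapse. Resource servers are assumed to look up blacklist_app_id_<<approval_id>> for the app id carried in each JWT they accept.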