Thanks for reporting. Doc JIRA created: https://wso2.org/jira/browse/DOCUMENTATION-842.
On Sat, May 17, 2014 at 8:49 PM, Sanjeewa Malalgoda <[email protected]>wrote: > Hi All, > We found following issues in gateway cache when we regenerate application > tokens from API store user interface(or calling revoke API). > > 01. If we generate new application access token from ui old tokens remain > as active in gateway cache. > 02. If we use revoke API deployed in gateway it will clear only super > tenants cache. > > To address these issues recently we introduced new parameter named > RevokeAPIURL. In distributed deployment we need to configure this parameter > in API store node. Then it will call API pointed by RevokeAPIURL parameter. > RevokeAPIURL parameter should be pointed to revoke API deployed API gateway > nodes. If it is gateway cluster we can point to one node. So from this > release on wards all revoke requests will route to oauth service through > revoke API deployed in API manager. When revoke response route through > revoke API cache clear handler will invoke. Then it will extract relevant > information form transport headers and clear associated cache entries. In > distributed deployment we should configure followings. > > 01. In key manager node, point gateway API revoke end point as follows. > <!-- This the API URL for revoke API. When we revoke tokens revoke > requests should go through this > API deployed in API gateway. Then it will do cache > invalidations related to revoked tokens. > In distributed deployment we should configure this property in key > manager node by pointing > gateway https url. Also please note that we should point gateway > revoke service to key manager--> > <RevokeAPIURL>https:// > ${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL> > > 02. In API gateway revoke API should be pointed to oauth application > deployed in key manager node. > <api name="_WSO2AMRevokeAPI_" context="/revoke"> > <resource methods="POST" url-mapping="/*" > faultSequence="_token_fault_"> > <inSequence> > <send> > <endpoint> > <address uri=" > https://keymgt.wso2.com:9445/oauth2/revoke"/> > </endpoint> > </send> > </inSequence> > <outSequence> > <send/> > </outSequence> > </resource> > <handlers> > <handler > class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/> > </handlers> > </api> > > We need to add this to our product documents as well. > > > Thanks, > sanjeewa. > -- > > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> > > > -- Thanks, Nirdesha Munasinghe, WSO2 Inc. Web:http://wso2.com Mobile: +94 776321920
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
