Tokens

Once a user has trusted K2 to interact with another system on their behalf through OAuth, K2 stores and uses an OAuth access Token associated with that user.

The Tokens page allows you to view and delete stored OAuth access tokens, which is useful for deleting tokens that were created for an employee who has left the company, or for situations where the OAuth configuration has been modified/expired and the old tokens are no longer valid. The stored tokens will display the following properties:

  • Resource Type
  • Resource Audience
  • Primary Credential ID
  • User Name
  • Expires in Seconds
When an access token is about to expire or has already expired, a refresh token is used to create a new access token. Access and Refresh token expiration vary from system to system. Some systems may issue new access tokens with every call, and some may not issue refresh tokens at all, it just depends on the system and how their authorization rules work.

You can remove stored tokens using the Tokens view. Follow these steps to remove Tokens:

  1. Select the token you want to delete by clicking on the token and click Delete.
  2. Click OK to confirm that you want to delete the token.