| # Copyright (c) 2021 Contributors to the Eclipse Foundation |
| # |
| # See the NOTICE file(s) distributed with this work for additional |
| # information regarding copyright ownership. |
| # |
| # This program and the accompanying materials are made available under the |
| # terms of the Eclipse Public License 2.0 which is available at |
| # http://www.eclipse.org/legal/epl-2.0 |
| # |
| # SPDX-License-Identifier: EPL-2.0 |
| post: |
| summary: Deactivate a subject for this policy entry derived from the token |
| description: |- |
| **This action only works when authenticated with a Json Web Token (JWT).** |
| |
| Based on the authenticated token (JWT), **this policy entry** is checked to match those conditions: |
| * the authenticated token is granted the `EXECUTE` permission to perform the `deactivateTokenIntegration` action |
| * one of the subject IDs is contained in the authenticated token |
| |
| When all conditions match, the calculated subject with information extracted from the authenticated JWT is **removed |
| from this policy entry**. |
| |
| The injected subjects expire when the JWT expires. The `expiry` timestamp (a string in ISO-8601 format) |
| specifies how long the specific subject will have access to the resource secured by the policy. |
| The subject will be automatically deleted from the policy once this timestamp is reached. |
| To give the subject a chance to prolong the access he can configure a connection to get announcements. |
| Policy announcements are published to websockets and connections that have the relevant subject ID. |
| |
| The settings under `announcement` control when a policy announcement is published (before expiry or when deleted). |
| If the field `requestedAcks` is set, then the announcements are published with at-least-once delivery until |
| the acknowledgement requests under labels are fulfilled. |
| If a "beforeExpiry" announcement was sent without acknowledgement requests, or the a "beforeExpiry" |
| announcement was acknowledged, the "whenDeleted" announcement will not be triggered. |
| tags: |
| - Policies |
| parameters: |
| - $ref: '../../parameters/policyIdPathParam.yml' |
| - $ref: '../../parameters/labelPathParam.yml' |
| responses: |
| '204': |
| description: The request was successful. The subject was removed. |
| '400': |
| description: The request could not be completed because the authentication was not performed with a JWT. |
| '403': |
| description: |- |
| The request could not be completed because the user did not have the `EXECUTE` permission on this policy entry. |
| '404': |
| description: |- |
| The request could not be completed because this policy entry did not match the following conditions: |
| * containing a a subject ID matching the JWT's authenticated subject |