1. Technical Field
This invention relates in general to managing delegated access to protected data and more particularly to automatically identifying and destroying a potentially misappropriated access token which was originally created to provide delegated access to protected data to a bearer of the access token.
2. Description of the Related Art
Delegation protocols, such as OAuth 2.0, allow users to delegate access to protected data owned or controlled by the users. In one example, supported by a delegation protocol, a user may authorize one or more client systems to access protected data that is controlled or owned by the user by authorizing the client systems to receive an access token, where a client need only present the access token to authenticate access to the user's protected data. Under a delegation protocol, the access token is sufficient for the client to prove its authorization to access the protected data. Access tokens, however, can be misappropriated and acquired by a client not authorized by the user to access the protected data. Once an access token is issued to an authorized client, any other unauthorized client that acquires the access token can also present it as authorization to access the user's protected data, because the access token alone serves as the authentication for whichever client presents it.
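The bearer-token property described above, and the effect of destroying a token once it is suspected of misappropriation, can be shown with a small simulation. The following is an added example and not code from the patent or from any OAuth implementation; the `AuthorizationServer`, `ResourceServer`, client names and token store are all constructed for illustration. The authorization server issues opaque tokens and answers RFC 7662-style introspection queries (the `active` flag is the only part of that format used here); the resource server admits any presenter of an active token, which is exactly why an unauthorized holder succeeds until the token is revoked.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthorizationServer:
    """Issues opaque bearer tokens and records which ones are still live."""
    # token fingerprint -> (client_id the token was issued to, granted scope)
    _live: dict = field(default_factory=dict)

    @staticmethod
    def _fingerprint(token: str) -> str:
        # Store only a hash of the token so that a leaked token store
        # does not itself yield usable bearer tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, client_id: str, scope: str) -> str:
        token = secrets.token_urlsafe(32)
        self._live[self._fingerprint(token)] = (client_id, scope)
        return token

    def revoke(self, token: str) -> bool:
        """Destroy a token; returns True if it was live before the call."""
        return self._live.pop(self._fingerprint(token), None) is not None

    def introspect(self, token: str) -> dict:
        """Minimal RFC 7662-style answer: active flag plus issued-to client."""
        entry = self._live.get(self._fingerprint(token))
        if entry is None:
            return {"active": False}
        client_id, scope = entry
        return {"active": True, "client_id": client_id, "scope": scope}


class ResourceServer:
    """Holds the user's protected data and guards it with bearer tokens."""

    def __init__(self, auth: AuthorizationServer, protected_data: str):
        self.auth = auth
        self.data = protected_data
        self.audit_log: list = []   # (presenter, issued_to, status)

    def handle_request(self, presented_token: str, presenter: str) -> tuple:
        info = self.auth.introspect(presented_token)
        if not info["active"]:
            self.audit_log.append((presenter, None, 401))
            return 401, None
        # Bearer semantics: possession of an active token is sufficient.
        # The server records who presented it for later review, but a plain
        # bearer token gives it no way to verify the presenter is the client
        # the token was issued to, so it cannot refuse on that basis.
        self.audit_log.append((presenter, info["client_id"], 200))
        return 200, self.data


def demo() -> list:
    """Status codes for: authorized use, misappropriated use, then both after revocation."""
    auth = AuthorizationServer()
    rs = ResourceServer(auth, "user-1 calendar")   # constructed sample data
    token = auth.issue(client_id="calendar-app", scope="calendar.read")

    results = []
    results.append(rs.handle_request(token, presenter="calendar-app")[0])
    # Constructed scenario: a second client somehow obtains the same token.
    results.append(rs.handle_request(token, presenter="unknown-client")[0])

    # Destroying the token is the remedy available to the token issuer:
    # afterwards neither the authorized nor the unauthorized holder succeeds.
    auth.revoke(token)
    results.append(rs.handle_request(token, presenter="calendar-app")[0])
    results.append(rs.handle_request(token, presenter="unknown-client")[0])
    return results


if __name__ == "__main__":
    print(demo())   # [200, 200, 401, 401]
```

The audit log in `ResourceServer` is where a detection approach would look: the resource server can see which presenter used a token and which client it was issued to, even though bearer semantics prevent it from refusing the request on that basis alone. Revocation at the issuer is what actually stops further use.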