X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f6519a2ffd957ed31d8a8c92da2f1d4ffed71b04..162d5c17961b6e5939f46f8c43dd1d854efc76c0:/doc/admin/user-management-cli.html.textile.liquid

diff --git a/doc/admin/user-management-cli.html.textile.liquid b/doc/admin/user-management-cli.html.textile.liquid
index 9e0256c632..949ce6a552 100644
--- a/doc/admin/user-management-cli.html.textile.liquid
+++ b/doc/admin/user-management-cli.html.textile.liquid
@@ -85,11 +85,11 @@ To get the token string, combine the values of @uuid@ and @api_token@ in the for
 ARVADOS_API_TOKEN=v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 </pre>
 
-h3(#delete-token). Delete a token
+h3(#delete-token). Delete a single token
 
-If you need to revoke a token, for example the token is leaked to an unauthorized party, you can delete the token at the command line.
+As a user or admin, if you need to revoke a specific, known token, for example a token that may have been leaked to an unauthorized party, you can delete it at the command line.
 
-1. First, determine the token UUID.  If it is a "v2" format token (starts with "v2/") then the token UUID is middle section between the two slashes.   For example:
+First, determine the token UUID.  If it is a "v2" format token (starts with "v2/") then the token UUID is middle section between the two slashes.   For example:
 
 <pre>
 v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
@@ -100,35 +100,27 @@ the UUID is "zzzzz-gj3su-yyyyyyyyyyyyyyy" and you can skip to the next step.
 If you have a "bare" token (only the secret part) then, as an admin, you need to query the token to get the uuid:
 
 <pre>
-$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization current
-{
- "href":"/api_client_authorizations/x33hz-gj3su-fk8nbj4byptz6ma",
- "kind":"arvados#apiClientAuthorization",
- "etag":"77wktnitqeelbgb4riv84zi2q",
- "uuid":"zzzzz-gj3su-yyyyyyyyyyyyyyy",
- "owner_uuid":"zzzzz-tpzed-j8w1ymjsn4vf4v4",
- "created_at":"2020-09-25T15:19:48.606984000Z",
- "modified_by_client_uuid":null,
- "modified_by_user_uuid":null,
- "modified_at":null,
- "user_id":3,
- "api_client_id":1,
- "api_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
- "created_by_ip_address":null,
- "default_owner_uuid":null,
- "expires_at":null,
- "last_used_at":null,
- "last_used_by_ip_address":null,
- "scopes":[
-  "all"
- ]
-}
+$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv --format=uuid api_client_authorization current
+zzzzz-gj3su-yyyyyyyyyyyyyyy
+</pre>
+
+Now you can delete the token:
+
+<pre>
+$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization delete --uuid zzzzz-gj3su-yyyyyyyyyyyyyyy
 </pre>
 
-2. Now use the token to delete itself:
+h3(#delete-all-tokens). Delete all tokens belonging to a user
+
+First, "obtain a valid token for the user.":#create-token
+
+Then, use that token to get all the user's tokens, and delete each one:
 
 <pre>
-$ ARVADOS_API_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx arv api_client_authorization delete --uuid zzzzz-gj3su-yyyyyyyyyyyyyyy
+$ ARVADOS_API_TOKEN=xxxxtoken-belonging-to-user-whose-tokens-will-be-deletedxxxxxxxx ; \
+for uuid in $(arv --format=uuid api_client_authorization list) ; do \
+arv api_client_authorization delete --uuid $uuid ; \
+done
 </pre>
 
 h2. Adding Permissions