
20npz (20npz) asked a question.
In the logs, I notice there are several (seemingly ephemeral) API key created and revoked events in the logs. When trying to investigate why these "API keys" are created or what app they belong to, I hit a dead end. It appears the API key is tied to a user rather than an application.
The only trend I notice in the event details is that the clientAppId attribute is the same for all these events, and that in the seconds leading up to the event, the users were using the iOS Okta app to auth. So, my questions are:
- Can you confirm these API token created/revoked events are caused by the iOS Okta app?
- How can API tokens generated by the iOS app be abused if they are ever compromised?
- Can an admin arbitrarily revoke API keys that are generated by the iOS Okta app? If not, why?

This is Florin from Okta support. You are welcome to open a case with us, so we can get a better understanding of your questions. Have a great day ahead!
I did.
In case anyone is wondering, the API keys are created when a user signs into the Okta app on a mobile device so that the user does not have to re-enter creds again.
Admins cannot revoke these particular API keys - they can only disable the user accounts.