Token Revocation

  • Token Revocation is a simple protocol that allows a Client to request that the Authorization Server revoke an access token.

  • In the form of an authenticated HTTP POST request:

    POST /revoke HTTP/1.1
    Host: localhost:9001
    Accept: application/json
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic b2F1dGgtY2xpZW50LTE6b2F1dGgtY2xpZW50LXNlY3JldC0x
    
    token=987tghjkiu6trfghjuytrghj

  • Even when revocation fails (because the Authorization Server cannot find the token, or because the Client has no permission to revoke it), a successful response is still returned, so the response does not reveal whether the token exists or who owns it.

  • The Revocation Protocol is useful when the Client notices unusual behavior involving a token and wants it invalidated.
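  • As an added example (not code from the original page), both sides of the exchange above: a helper that builds the authenticated POST /revoke request, and a server-side handler that checks the client's credentials, revokes the token only if it was issued to that client, and answers 200 either way. The client registry and token store are constructed in-memory stand-ins; the Host, paths and values are hypothetical.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed in-memory stand-ins for the Authorization Server's client
# registry and token store (hypothetical values, not from the page).
CLIENTS = {"oauth-client-1": "oauth-client-secret-1"}
TOKENS = {"987tghjkiu6trfghjuytrghj": "oauth-client-1",   # token -> owning client
          "token-of-other-client": "oauth-client-2"}

def build_revoke_request(client_id, client_secret, token):
    """Client side: headers and body of the POST /revoke shown above."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode({"token": token})

def _authenticate_client(authorization_header):
    """Return the client_id behind a valid HTTP Basic header, else None."""
    scheme, _, encoded = (authorization_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        client_id, _, secret = base64.b64decode(encoded).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = CLIENTS.get(client_id)
    # Constant-time comparison so the secret check leaks no timing signal.
    if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
        return None
    return client_id

def handle_revoke(headers, body):
    """Server side. Returns (http_status, revoked); only the status goes on the wire."""
    client_id = _authenticate_client(headers.get("Authorization"))
    if client_id is None:
        return 401, False      # bad client credentials are a real error (RFC 7009)
    token = parse_qs(body).get("token", [None])[0]
    if token is None:
        return 400, False      # malformed request: no token parameter
    if TOKENS.get(token) == client_id:
        del TOKENS[token]
        return 200, True
    # Unknown token, or a token issued to another client: still 200, so the
    # response does not reveal whether the token exists or who owns it.
    return 200, False
```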
