Revocation Endpoint¶
This endpoint allows revoking access tokens (reference tokens only) and refresh token. It implements the token revocation specification (RFC 7009).
token
- the token to revoke (required)
token_type_hint
- either
access_token
orrefresh_token
(optional)
Example¶
POST /connect/revocation HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token
IdentityModel¶
You can programmatically revoke tokens using the IdentityModel library:
var revocationClient = new TokenRevocationClient(
RevocationEndpoint,
"client",
"secret");
var response = await revocationClient.RevokeAccessTokenAsync(token);