Revoke a token for the AuthorizationServer
POST/oauth/revoke
Revokes the submitted token using the single AuthorizationServer configured in this service
instance; this form omits the path parameter and is only valid when exactly one authstates entry is present.
The form body, response codes, and authentication requirements are identical to the parameterized endpoint.
When multiple authorization servers are configured, use the /{tokenRevokerName} path-parameter form instead.
Request
Header Parameters
authorization string
- application/x-www-form-urlencoded
Body
token string
token_type_hint string
Responses
- 200
- 400
- 401
- 500
- 503
Token revoked; also returned when the token was already expired or unknown, to avoid leaking validity information
AuthorizationServer, Token or Authorization header is missing. Unauthorized client.
Invalid client
Unsupported token type, Error
Multiple authorization servers configured; use the path-parameter endpoint instead
Loading...