Revoke a token for a given AuthorizationServer
POST/oauth/revoke/:tokenRevokerName
Revokes the submitted token for the authorization server identified by the path parameter,
permanently invalidating it in nevisAuth's token store.
The form body must include the token parameter; an optional token_type_hint may be provided
to optimize internal token lookup.
Valid client credentials must be supplied in the Authorization header.
Use this endpoint when multiple AuthorizationServer instances are registered in the service configuration.
Request
Path Parameters
tokenRevokerName stringrequired
Header Parameters
authorization string
- application/x-www-form-urlencoded
Body
token string
token_type_hint string
Responses
- 200
- 400
- 401
- 500
- 503
Token revoked; per RFC 7009 also returned when the token was already expired or unknown, to avoid leaking validity information
AuthorizationServer, Token or Authorization header is missing. Unauthorized client.
Invalid client
Unsupported token type, Error
AuthorizationServer not found in configuration
Loading...