Token revocation
The Token Revocation service implements RFC 7009,
giving OAuth 2.0 clients a protocol-defined mechanism to explicitly invalidate access or refresh tokens
that are no longer needed.
Revoking abandoned or compromised tokens reduces the window of potential abuse and supports clean
session lifecycle management across all connected services.
nevisAuth processes revocation requests through the same AuthorizationServer AuthState that issued
the token, ensuring it is permanently invalidated in the authorization server's data store.
The target authorization server is identified either by a URL path parameter or implicitly when a
single authorization server is configured in the service.
Callers must authenticate before revocation is accepted, using the method configured on the service instance,
which defaults to HTTP Basic.
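As an added illustration (not nevisAuth code), the following Python sketch builds an RFC 7009 revocation request authenticated with HTTP Basic and classifies the server's reply according to the status codes the RFC defines, which goes slightly beyond the overview above. The URL is a placeholder, and the client ID, secret and token are constructed sample values; the actual endpoint path depends on the deployment.

```python
import base64
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

# Placeholder: the real revocation URL depends on the deployment.
REVOCATION_URL = "https://auth.example.test/REVOCATION-ENDPOINT-PLACEHOLDER"


def build_revocation_request(url, client_id, client_secret, token, token_type_hint=None):
    """Build (but do not send) an RFC 7009 section 2.1 revocation request."""
    # RFC 7009 itself defines these two hint values; extension values are not handled here.
    if token_type_hint not in (None, "access_token", "refresh_token"):
        raise ValueError("token_type_hint must be access_token or refresh_token")
    form = {"token": token}
    if token_type_hint:
        form["token_type_hint"] = token_type_hint
    # RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode "id:secret".
    userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(userpass.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return Request(url, data=urlencode(form).encode(), headers=headers, method="POST")


def interpret_response(status, body=None, retry_after=None):
    """Map a revocation response to an outcome, per RFC 7009 section 2.2."""
    body = body or {}
    if status == 200:
        # Also returned for unknown or already-revoked tokens, so retries are safe.
        return "revoked"
    if status == 503:
        # The client must assume the token still exists and retry later.
        return f"retry:{retry_after}" if retry_after else "retry"
    if status == 401 or body.get("error") == "invalid_client":
        return "client-auth-failed"
    if status == 400 and body.get("error") == "unsupported_token_type":
        return "unsupported-token-type"
    return "failed"


if __name__ == "__main__":
    # Constructed sample credentials and token, for illustration only.
    req = build_revocation_request(REVOCATION_URL, "demo-client", "s3cr:t value",
                                   "constructed-refresh-token", "refresh_token")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(interpret_response(503, retry_after="30"))
```

Because a 200 response does not distinguish a revoked token from an unknown one, callers should treat it as confirmation that the token is unusable, not as proof that it previously existed.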
Revoke a token for the AuthorizationServer
Revokes the submitted token using the single `AuthorizationServer` configured in this service
Revoke a token for a given AuthorizationServer
Revokes the submitted token for the authorization server identified by the path parameter,