Overview#

Revocation Request

OAuth 2.0 Token Revocation (RFC 7009)#

OAuth 2.0 Token Revocation (RFC 7009) is where the OAuth Client constructs the Revocation Request by including the following parameters using the "application/x-www-form-urlencoded" format in the HTTP Request entity-body:

• token - REQUIRED - The token that the client wants to get revoked.
• token_type_hint - OPTIONAL A hint about the type of the token submitted for revocation. Clients MAY pass this parameter in order to help the Authorization Server to optimize the token lookup. If the server is unable to locate the token using the given hint, it MUST extend its search across all of its supported token types. An Authorization Server MAY ignore this parameter, particularly if it is able to detect the token type automatically. This specification defines two such values:
  • access_token: An access token as defined in RFC 6749, Section 1.4
  • refresh_token: A refresh token as defined in RFC 6749, Section 1.5
  • Specific implementations, profiles, and extensions of this specification MAY define other values for this parameter using the registry defined in RFC 7009 Section 4.1.2.
• credentials - The client also includes its authentication credentials as described in Section 2.3. of RFC 6749.

More Information#

There might be more information for this subject on one of the following:

• OAuth 2.0 Token Revocation
• Token_type_hint