Token Revoke Endpoint

The Token Revoke endpoint allows your application to revoke access to a client by revoking the access or refresh token associated with that client. You can find this endpoint from the OAuth Discovery Endpoint.

OAuth Discovery Endpoint

https://<EID Server>/oauth/.well-known/openid-configuration

How to call the Token Revoke Endpoint

1. Initiate a request to the EmpowerID Token Revoke endpoint, https://<EID Server>/oauth/v2/tokenrevoke

POST /oauth/v2/tokenrevoke HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)
 
token={Your access token}
&token_type_hint=refresh_token/access_token

Header Parameter	Required/Optional	Description

Header Parameter	Required/Optional	Description
`Content-Type`	required	Must be `application/x-www-form-urlencoded`.
`Authorization`	required	Base64 encoded value of ClientID and Client Secret `base64Encode(<client_id>:<client_secret>)`

Post Body Parameter	Required/Optional	Description

Post Body Parameter	Required/Optional	Description
`token`	required	Must be the access token or refresh token
`token_type_hint=refresh_token` OR `token_type_hint=access_token`	required	If the token is a refresh token, set `token_type_hint=refresh_token`; otherwise, set `token_type_hint=access_token`

2. Returns null if the token has been successfully removed.

IN THIS ARTICLE