Token Revoke Endpoint

The Token Revoke endpoint allows your application to revoke access to a client by revoking the access or refresh token associated with that client. You can find this endpoint from the OAuth Discovery Endpoint.

OAuth Discovery Endpoint

https://<EID Server>/oauth/.well-known/openid-configuration

How to call the Token Revoke Endpoint

1. Initiate a request to the EmpowerID Token Revoke endpoint, https://<EID Server>/oauth/v2/tokenrevoke

POST /oauth/v2/tokenrevoke HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)
 
token={Your access token}
&token_type_hint=refresh_token/access_token

Header Parameter	Required/Optional	Description

Header Parameter	Required/Optional	Description
`Content-Type`	required	Must be `application/x-www-form-urlencoded`.
`Authorization`	required	Base64 encoded value of ClientID and Client Secret `base64Encode(<client_id>:<client_secret>)`

Post Body Parameter	Required/Optional	Description

Post Body Parameter	Required/Optional	Description
`token`	required	Must be the access token or refresh token
`token_type_hint=refresh_token` OR `token_type_hint=access_token`	required	If the token is a refresh token, set `token_type_hint=refresh_token`; otherwise, set `token_type_hint=access_token`

2. Returns null if the token has been successfully removed.

IN THIS ARTICLE

EmpowerID Developer Guide v21

Token Revoke Endpoint

Analytics

OAuth Discovery Endpoint

How to call the Token Revoke Endpoint

Related content