Skip to end of banner
Go to start of banner

Token Revoke Endpoint

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

The Token Revoke endpoint allows your application to revoke access to a client by revoking the access or refresh token associated with that client. You can find this endpoint from the OAuth Discovery Endpoint.

OAuth Discovery Endpoint

https://<EID Server>/oauth/.well-known/openid-configuration

How to call the Token Revoke Endpoint

1. Initiate a request to the EmpowerID Token Revoke endpoint, https://<EID Server>/oauth/v2/tokenrevoke

POST /oauth/v2/tokenrevoke HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)
 
token={Your access token}
&token_type_hint=refresh_token/access_token

Header Parameter

Required/Optional

Description

Content-Type

required

Must be application/x-www-form-urlencoded.

Authorization

required

Base64 encoded value of ClientID and Client Secret base64Encode(<client_id>:<client_secret>)

Post Body Parameter

Required/Optional

Description

token

required

Must be the access token or refresh token

token_type_hint=refresh_token OR token_type_hint=access_token

required

If the token is a refresh token, set token_type_hint=refresh_token; otherwise, set token_type_hint=access_token

2. Returns null if the token has been successfully removed.

IN THIS ARTICLE

  • No labels