Revoke Access Token
Endpoint:
POST /relid/authserver/oauth/token/revoke
Description:
Revokes a previously issued access or refresh token. This ensures that the token is no longer valid and cannot be used to access protected resources.
🔐 Authentication
Type: Basic Auth
Header Format:
Authorization: Basic <base64(client_id:client_secret)>
📥 Request Headers
Header | Value |
---|---|
Authorization | Basic authentication credentials |
Content-Type | application/x-www-form-urlencoded |
Accept | application/json |
📤 Request Body (Form URL Encoded)
Field | Type | Required | Description |
---|---|---|---|
token | string | Yes | The token to be revoked |
token_type | string | Yes | Type of token (e.g., access_token or refresh_token) |
📥 Query Parameters
No query parameters.
📬 Response Fields
No response body. A successful response is indicated by HTTP 200.
📘 Example Request (cURL)
curl 'https://auth.relid.com:8006/relid/authserver/oauth/token/revoke' \
-u '<client_id>:<client_secret>' \
-X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-d 'token=<access_token>&token_type=access_token'
📘 Example Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
📝 Notes
- Revoked tokens cannot be used again; access will be denied.
- Use this endpoint for secure logout or session invalidation workflows.
- NOTE: Request parameters must be provided in the request body. URL query parameters will be ignored.
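A logout helper built on this endpoint, as an added example (not code from the product or its vendor). It shows the Basic header, the form-encoded body with the token properly escaped, and HTTP 200 as the only success signal. The function names and the `transport` parameter are hypothetical.

```python
import base64
import urllib.error
import urllib.parse
import urllib.request

REVOKE_PATH = "/relid/authserver/oauth/token/revoke"  # endpoint path from this page


def build_revoke_request(base_url, client_id, client_secret, token, token_type):
    """Build the revocation POST without sending it (hypothetical helper)."""
    if not token:
        raise ValueError("token must not be empty")
    # Header format from the page: Basic <base64(client_id:client_secret)>
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # Parameters go in the form-encoded body; the page says query parameters
    # are ignored. urlencode escapes '+', '/', '=' and '&' inside the token.
    body = urllib.parse.urlencode({"token": token, "token_type": token_type})
    return urllib.request.Request(
        base_url.rstrip("/") + REVOKE_PATH,
        data=body.encode("ascii"),
        method="POST",
        headers={
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def send(req, timeout=10):
    """Return True only on HTTP 200, the documented success signal."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # 4xx/5xx: the token was not confirmed revoked
    # URLError (network failure) propagates: revocation state is unknown.


def logout(base_url, client_id, client_secret, tokens, transport=send):
    """Revoke each token of a session; tokens maps token_type -> token value.

    Returns the token types NOT confirmed revoked, so the caller can retry
    or alert instead of assuming the session is invalidated.
    """
    failed = []
    for token_type, token in tokens.items():
        req = build_revoke_request(base_url, client_id, client_secret, token, token_type)
        if not transport(req):
            failed.append(token_type)
    return failed
```

Keep the client secret out of source control and process listings; load it from a secret store at call time.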
Updated 3 months ago