Revoke a Token
After you have completed authorization using one of the OAuth2 flows, you can use the /oauth2/revoke endpoint to invalidate the access token or refresh token returned from the authorization endpoint (e.g. to prevent further access using that token).
Set the Content-type
in the request to application/x-www-form-urlencoded
and pass the access token via the token
body parameter:
Also, pass either client_id
and client_secret
as body parameters or add an Authorization Header of type Basic.
POST https://mytenant.idaptive.app/oauth2/revoke/myapplication HTTP/1.1
Authorization: Basic amFtZ...
Content-Type: application/x-www-form-urlencoded
token=eyJhbGsdaefwsd...
client_id=xxxxxx
client_secret=xxxxx
The response indicates 200 OK
if the token was successfully revoked.
HTTP/1.1 200 OK
Updated 10 months ago