After you have completed authorization using one of the OAuth2 flows, you can use the /oauth2/revoke endpoint to invalidate the access token or refresh token returned from the authorization endpoint (e.g. to prevent further access using that token).
Content-type in the request to
application/x-www-form-urlencoded and pass the access token via the
token body parameter:
Also, pass either
client_secret as body parameters or add an Authorization Header of type Basic.
POST https://mytenant.idaptive.app/oauth2/revoke/myapplication HTTP/1.1 Authorization: Basic amFtZ... Content-Type: application/x-www-form-urlencoded token=eyJhbGsdaefwsd... client_id=xxxxxx client_secret=xxxxx
The response indicates
200 OK if the token was successfully revoked.
HTTP/1.1 200 OK
Updated 3 months ago