Revocation
The revocation endpoint invalidates access tokens and refresh tokens per RFC 7009.
POST/oauth2/revokeNo Auth
Revokes an access token or refresh token. Always returns 200 even if the token is invalid (per RFC 7009).
| Parameter | Type | Description |
|---|---|---|
| token* body | string | The token to revoke |
| token_type_hint body | string | "access_token" or "refresh_token" |
| client_id* body | string | The OAuth client ID |
| client_secret* body | string | The OAuth client secret |
Request
token=eyJhbGciOiJSUzI1NiIs...&token_type_hint=access_token&client_id=my-client&client_secret=secret
Response
{}