Token revocation - SSO

Owned by Tomi Pelttari
2020-06-17
1 min read

Access tokens and refresh tokens can be revoked using token revocation endpoint.
https://tools.ietf.org/html/rfc7009#section-2.1

Revocation Request

POST /uas/oauth2/revocation

Required parameters

  • token

The access token or refresh token to be revoked.

  • client_id & client_secret

OAuth Client Identifier and Secret of the resource server sent as HTTP Basic credentials

Sample token revocation request
POST https://sso.example.com/uas/oauth2/revocation
Authorization: Basic MTc2MjQxNDM3NDoqKio= 
Content-Type: application/x-www-form-urlencoded
token=DSJJU6QhquTUsznTDeDq0eVm


Revocation Response


Sample token revocation response
HTTP/1.1 200 OK

Ubisecure Privacy Policy & Cookie Statement