Revoke Refresh Token
/oauth2/v1/revoke
Request
- application/x-www-form-urlencoded
- Authorization: string
  Basic Authorization. Base64 encoding of client credentials
object
- token: string
  Refresh Token
  Example:
eyJ4NXQiOiI4Wk5NMEFfNWFuSTc0dGp3Y3FWcWtMN3Z0Q2ciLCJraWQiOiJwcml2YWVrZXkxIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI1YzA4NDcyMi03Njk3LTQ2NzgtOWVmNC01ZDMxYjg5MjgzYTMiLCJhdWQiOiI1YzA4NDcyMi03Njk3LTQ2NzgtOWVmNC01ZDMxYjg5MjgzYTMiLCJuYmYiOjE0NDA3NTk0MDgsInNjb3BlIjoiQUNNRUNhbmRpZGF0ZVByb2ZpbGVTZXJ2aWNlLnJlc3VtZXNfbW9udGhzIG9mZmxpbmVfYWNjZXNzIiwiaXNzIjoiaWRjcy5vcmFjbGUuY29tIiwiZXhwIjoxNDQwOTc1NDA4LCJpYXQiOjE0NDA3NTk0MDgsInRlbmFudCI6IlRFTkFOVDEiLCJqdGkiOiIwNGQwZDcyYi1iMDZmLTQ5YzItOGZkZi00ZjliYTllOTMxNGYifQ.AQfGzQ9Qe6RgQqwr_V1z2Nl3N7NG5qsy-lMNIMto8xvKAxyQcEVQ_IN6dPZZtJ90uNr8Y1eavtGmaFIcY4KVwg
Response
- application/json
200 Response
400 Response
object
- error: string
  Error values based on the OAuth specification
- error_description: string
  Detailed error messages
401 Response
object
- error: string
  Error values based on the OAuth specification
- error_description: string
  Detailed error messages
Examples
The following example shows how to revoke a refresh token by submitting a POST request on the REST resource using cURL. For more information about cURL, see Use cURL. See the Authorization section for more information on grant types.
Example Requests Using cURL
Note: The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
The following shows an example cURL request to revoke a refresh token where authorization is Basic <client_id:client_secret> and payload is token=<refresh_token>.
curl -i \
  -H 'Authorization: Basic <client_id:client_secret>' \
  -H 'Accept: */*' \
  -H 'Cache-Control: no-cache, no-store, must-revalidate' \
  -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
  --request POST 'https://tenant-base-url/oauth2/v1/revoke' \
  -d 'token=<refresh_token>'
The following shows an example cURL request to revoke a refresh token where authorization is Basic <client_id:client_secret> and payload is user_id=<user guid>.
Note: The Client must have the Identity Domain administrator role to send the user_id payload.
curl -i \
  -H 'Authorization: Basic <client_id:client_secret>' \
  -H 'Accept: */*' \
  -H 'Cache-Control: no-cache, no-store, must-revalidate' \
  -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
  --request POST 'https://tenant-base-url/oauth2/v1/revoke' \
  -d 'user_id=<user guid>'
The following shows an example cURL request to revoke a refresh token where authorization is Bearer <administrator access token> and payload is user_id=<user guid>.
curl -i \
  -H 'Authorization: Bearer <administrator access token>' \
  -H 'Accept: */*' \
  -H 'Cache-Control: no-cache, no-store, must-revalidate' \
  -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
  --request POST 'https://tenant-base-url/oauth2/v1/revoke' \
  -d 'user_id=<user guid>'
Example of Response Body
The following example shows the contents of the response body in JSON format:
{
  "status": 200
}
Example of Response Body
The following example shows the contents of the response body in JSON format when a user tries to revoke an access token and the server does not support revoking the access token:
{
  "error": "unsupported_token_type",
  "error_description": "Illegal base64 character 2e"
}
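The token=<refresh_token> request and the 200/400/401 responses documented above, wrapped as a shell helper. This is an added example, not part of the original page or Oracle's code. The environment variables TENANT_BASE_URL, CLIENT_ID and CLIENT_SECRET and all function names are assumptions, and the token is assumed to be a JWT (no quote or backslash characters).

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumed environment variables:
#   TENANT_BASE_URL, CLIENT_ID, CLIENT_SECRET

# Value for "Authorization: Basic ...": base64("client_id:client_secret"),
# with the line wrapping some base64 tools add stripped out.
basic_credential() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Pull one string field out of the small JSON error object the endpoint returns.
json_field() {
  printf '%s' "$2" |
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Turn an HTTP status and response body into a one-line result and exit status.
interpret_revoke_response() {
  case "$1" in
    200) echo "revoked"; return 0 ;;
    400|401)
      echo "$(json_field error "$2"): $(json_field error_description "$2")"
      return 1 ;;
    *) echo "unexpected HTTP status $1"; return 2 ;;
  esac
}

# POST token=<refresh_token>. The Authorization header and the token reach curl
# as a config file on stdin, so neither shows up in curl's command line, which
# other local users can read with ps.
revoke_refresh_token() {
  tmp=$(mktemp) || return 2
  status=$(printf 'header = "Authorization: Basic %s"\ndata-urlencode = "token=%s"\n' \
      "$(basic_credential "$CLIENT_ID" "$CLIENT_SECRET")" "$1" |
    curl -sS --config - -o "$tmp" -w '%{http_code}' \
      -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
      "$TENANT_BASE_URL/oauth2/v1/revoke")
  body=$(cat "$tmp"); rm -f "$tmp"
  interpret_revoke_response "$status" "$body"
}
```

Call it as revoke_refresh_token "$REFRESH_TOKEN"; a non-zero exit status means the token may still be valid and the revocation should be retried or escalated.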