Token Revocation Endpoint

The ActivID Appliance server exposes a token revocation endpoint, conforming to the OAuth 2.0 Token revocation specification.

The revoke endpoint supports public clients (for further information, see Refresh Token Revocation).

https://[base-server-url]/{tenant}/authn/revoke [POST]

Token Revocation Request

To request a token, confidential clients must authenticate to the server with their client_id and client_secret credentials obtained at registration.

POST https://[base-server-url]/{tenant}/authn/revoke
HTTP/1.1 
Content-Type: application/x-www-form-urlencoded
Authorization: Basic c3BsLWFwaTphY3RpdmNhcmQ=

token=RTp7HwAAAX0TWZYAgyHTl0UEiGlpfoxJjAlcwvR7&token_type_hint=access_token

POST https://[base-server-url]/{tenant}/authn/revoke
HTTP/1.1 
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer RTp7HwAAAX0TWZYAgyHTl0UEiGlpfoxJjAlcwvR7

token=RTp7HwAAAX0TW9ioFKvN89MtEVI9DDfwr9z9DxRQ&token_type_hint=access_token&client_id=spl-pai

Where:

• token - populated with the token to revoke (mandatory)
• token_type_hint - specifies the type of the token (for example, refresh_token or access_token) (optional)

  If this field is incorrectly populated, the server extends the search to other types of token (see RFC7009 specification - section 2.1).

• client_id - ID of the OpenID client from the bearer (mandatory for bearer authorization, not required for basic authorization)

Token Revocation Response

The server responds with an HTTP 200 status regardless of whether the submitted token is valid or not (as required by the RFC7009 specification - section 2.2):

HTTP/1.1 200 OK

Error/Failure Responses

HTTP/1.1 400 Bad Request

{"error_description":"Invalid request: Invalid token","error":"invalid_request"}