Token Revocation (RFC 7009)

Invalidate access or refresh tokens before their natural expiration. Essential for logout flows and security incident response. Supports both access and refresh token revocation.

Try in Looking Glass

Sequence Diagram

Click any step for details

ClientAuth Server1Revocation Request2Revocation Response
Request
Response
Redirect
Internal

Step-by-Step Breakdown

1
Revocation Request
ClientAuthorization Server
2
Revocation Response
Authorization ServerClient

Token Inspector

Specs for this flow

Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.

Core specs

· The specifications that define this protocol.

Security & privacy

· Dedicated security and privacy considerations.