Token Revocation (RFC 7009)
Invalidate access or refresh tokens before their natural expiration. Essential for logout flows and security incident response. Supports both access and refresh token revocation.
Token Revocation (RFC 7009)
Invalidate access or refresh tokens before their natural expiration. Essential for logout flows and security incident response. Supports both access and refresh token revocation.
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
Revocation Request
Client → Authorization Server
2
Revocation Response
Authorization Server → Client
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.