Revoking issued tokens

The revocation endpoint lets a client invalidate a token and, if applicable, other tokens based on the same authorization grant.

From an end-user's perspective, tokens often represent being logged in to a certain site or application. The revocation mechanism allows a client to invalidate its tokens if the end-user logs out, changes identity, or uninstalls the respective application. Notifying the authorization server that a token is no longer needed allows it to clean up data associated with that token (e.g., session data) and the underlying authorization grant. This prevents abuse of abandoned tokens that the end-user is no longer aware of.

To use this endpoint, your application must be registered with the Karhoo auth service as a valid client (assigned a client_id).

This endpoint is compliant with the OAuth 2.0 Token Revocation spec.
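
A sketch of a client-side revocation call as the OAuth 2.0 Token Revocation spec (RFC 7009) defines it, added here as an example and not taken from Karhoo's own code or documentation. The endpoint URL is a placeholder, the function names are hypothetical, and sending client_id in the form body (public-client style) is an assumption about how the client authenticates.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: placeholder URL; this page does not give the endpoint address.
REVOCATION_URL = "https://auth.example.invalid/oauth/revoke"


def build_revocation_request(url, token, client_id, token_type_hint=None):
    """Build the form-encoded POST defined in RFC 7009 section 2.1."""
    if not url.lower().startswith("https://"):
        raise ValueError("tokens must only be sent to an HTTPS endpoint")
    if not token or not client_id:
        raise ValueError("token and client_id are required")
    fields = {"token": token, "client_id": client_id}
    if token_type_hint is not None:
        if token_type_hint not in ("access_token", "refresh_token"):
            raise ValueError("unknown token_type_hint")
        fields["token_type_hint"] = token_type_hint
    body = urllib.parse.urlencode(fields).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def interpret_response(status, headers, body):
    """Map a revocation response to (outcome, retry_after_seconds)."""
    if status == 200:
        # RFC 7009 section 2.2: 200 also covers tokens that were already invalid.
        return ("revoked", None)
    if status == 503:
        # The token is still valid on the server; the caller must retry later.
        value = headers.get("Retry-After", "")
        return ("retry", int(value) if value.isdigit() else 60)
    try:
        error = json.loads(body or b"{}").get("error", "unknown")
    except (ValueError, AttributeError):
        error = "unknown"
    return ("error:" + error, None)


def revoke(token, client_id, token_type_hint=None, url=REVOCATION_URL):
    """Send the request and classify the result; the token is never logged."""
    request = build_revocation_request(url, token, client_id, token_type_hint)
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return interpret_response(resp.status, resp.headers, resp.read())
    except urllib.error.HTTPError as exc:
        return interpret_response(exc.code, exc.headers, exc.read())
```

On logout, a "retry" outcome means the local copy of the token can be discarded but the revocation itself should be queued and repeated, since the server still honours the token.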
