Revoke tokens
You can revoke the tokens generated by the Authorization code flow.
Revoke access token
Revoke an access_token
by making an HTTP POST request to the authorization server.
HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke
Request payload:
{
"token" : "bd680785-b090-40ca-9a32-22df51e96e7a",
"token_type_hint" : "access_token",
"client_id" : "12345678-1234-1234-1234-123456789012",
"client_secret" : "my-encrypted-secret-1234"
}
Response payload:
{
"msg" : "success"
}
Revoke refresh token
Revoke a refresh_token
by making an HTTP POST request to the authorization server.
HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke
Request payload:
{
"token" : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
"token_type_hint" : "refresh_token",
"client_id" : "12345678-1234-1234-1234-123456789012",
"client_secret" : "my-encrypted-secret-1234"
}
Response payload:
{
"msg" : "success"
}
Revoke token without mentioning any token type
Revoke a token without passing the token_hint_type
field in the request payload. The passed token can be an access_token
or a refresh_token
. The authorization server automatically deduces the type of the token and revokes it.
HTTP POST
https://accounts.welcomesoftware.com/o/oauth2/v1/revoke
Request payload:
{
"token" : "e053d83e-14e1-4ba4-b18e-ea654b39a02e",
"client_id" : "12345678-1234-1234-1234-123456789012",
"client_secret" : "my-encrypted-secret-1234"
}
Response payload:
{
"msg" : "success"
}
Updated 11 months ago
Next