Revoke Tokens

The revocation endpoint can be used to revoke access tokens (reference tokens only) and refresh tokens.

POST /connect/revocation HTTP/1.1
Host: instance.irmciam.se
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

token=...&token_type_hint=refresh_token

Explanation of the request parameters in the example:

• token must contain the token to revoke and is a required parameter.
• token_type_hint is an optional parameter with either access_token or refresh_token

The revocation endpoint is one way to sign-out a user with a backchannel call, but to do a full sign-out of a user it is better to use the End session endpoint which uses the browser to do the sign-out.