The OAuth Token Revocation functionality is available with WSO2 Identity Server and follows this specification. There are two endpoints exposed as a result of the token revocation feature.
- REST endpoint at
/oauth2endpointsoauth2/revoke
- SOAP endpoint at
/services/OAuthAdminService
with operationrevokeAuthzForAppsByResourceOwner
...
Code Block |
---|
curl -X POST --basic -u "4xTplVAiQEwrBF6wYSW3cpyqYDoa:GREoG5f80kmg7uHNed2YwfJSxlQa" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "token=d23e96c9bf2818fe5b4db0f8dbe829bb&token_type_hint=access_token" https://localhost:9443/oauth2endpointsoauth2/revoke |
The token parameter used here can be an access token or refresh token. The token_type_hint
parameter is optional. This parameter can take values of eitherĀ access_token
or refresh_token
. The Identity Server uses this parameter to speed up the process of looking up the token by searching first in the set of tokens the client specifies (access_token
or refresh_token
). If the token is not to be found in the set the client claims it to be in, then the server looks for the token in the other set (refresh_token
or access_token
).
...
You can find this webapp at <WSO2_IS_HOME>/repository/deployment/server/webapps/oauth2endpointsoauth2.war
. Rather than editing the web.xml
directly in the deployed directory, its easier to copy the oauth2endpointsoauth2.war
file into another location, edit the web.xml
and copy it back into the webapps
folder and it gets hot deployed.
...
Code Block |
---|
curl -X POST --basic -u "4xTplVAiQEwrBF6wYSW3cpyqYDoa:GREoG5f80kmg7uHNed2YwfJSxlQa" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "token=d23e96c9bf2818fe5b4db0f8dbe829bb&token_type_hint=access_token&callback=package.myCallback" https://localhost:9443/oauth2endpointsoauth2/revoke |
The callback
parameter is optional.