Revoking a token
Applications can programmatically revoke the access a user has given to it. Revocation is important when a user unsubscribes or removes an application. Part of the removal process should include an API request to removed permissions granted to the application. Additionally, to "logout" a user an application should revoke any tokens issued to it.
Tokens can be revoked by sending to the token to revoke to Authorization Server via a PUT request.
Base URL: https://oauth.oclc.org/revoke
|Name||Description||Required?||Expected / Sample Values|
|access_token||The access token you want to revoke||No, (this or the refesh_token parameter are required)
|refresh_token||The refresh token you want to revoke||No, (this or the access_token parameter are required)||rt_123456789|
PUT /revoke?access_token=tk_kteh1Qg3t8Qo5BZN9xbJKVvdIwj98ZcbKXtl HTTP/1.1 Host: oauth.oclc.org
HTTP/1.1 200 OK Date: Wed, 24 May 2017 15:55:50 GMT Server: Apache X-OCLC-RequestId: 52e47a1e-0715-4dbb-aedd-8ff922c96b4d Content-Length: 0 Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Content-Type: text/plain