Token Revocation
Revoking a token
Applications can programmatically revoke the access a user has granted to them. Revocation is important when a user unsubscribes from or removes an application: part of the removal process should include an API request to remove the permissions granted to the application. Additionally, to log a user out, an application should revoke any tokens issued to it.
Tokens are revoked by sending the token to be revoked to the Authorization Server in a PUT request.
Base URL: https://oauth.oclc.org/revoke
Revocation Parameters
Name | Description | Required? | Expected / Sample Values |
---|---|---|---|
access_token | The access token you want to revoke | No (either this or the refresh_token parameter is required) | tk_kteh1Qg3t8Qo5BZN9xbJKVvdIwj98ZcbKXtl |
refresh_token | The refresh token you want to revoke | No (either this or the access_token parameter is required) | rt_123456789 |
Example Request
PUT /revoke?access_token=tk_kteh1Qg3t8Qo5BZN9xbJKVvdIwj98ZcbKXtl HTTP/1.1
Host: oauth.oclc.org
Example Response
HTTP/1.1 200 OK
Date: Wed, 24 May 2017 15:55:50 GMT
Server: Apache
X-OCLC-RequestId: 52e47a1e-0715-4dbb-aedd-8ff922c96b4d
Content-Length: 0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain
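A logout helper built on the request shown above, as an added example that is not OCLC's own code: it revokes the refresh token before the access token and masks the token value before a URL is logged, since the token travels in the query string. Sending one token per request and treating only a 200 response as success are assumptions; the function names and the `send` hook are hypothetical.

```python
import urllib.parse
import urllib.request

REVOKE_URL = "https://oauth.oclc.org/revoke"  # base URL given on this page
TOKEN_PARAMS = ("refresh_token", "access_token")  # the two documented parameters


def build_revoke_request(param, token):
    """Build the PUT request that revokes one token."""
    if param not in TOKEN_PARAMS:
        raise ValueError(f"unknown revocation parameter: {param!r}")
    if not token:
        raise ValueError("token must be a non-empty string")
    # urlencode percent-escapes the value so it cannot break the query string.
    query = urllib.parse.urlencode({param: token})
    return urllib.request.Request(f"{REVOKE_URL}?{query}", method="PUT")


def redact(url):
    """Mask query values so the URL can be logged without leaking the token."""
    parts = urllib.parse.urlsplit(url)
    masked = [(k, "REDACTED") for k, _ in urllib.parse.parse_qsl(parts.query)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(masked)))


def revoke_session(access_token=None, refresh_token=None, send=urllib.request.urlopen):
    """Revoke every token held for a user. Returns {parameter: revoked?}.

    Assumption: one token per request. The refresh token goes first so it
    cannot be used to obtain a new access token while logout is in progress.
    `send` is a hypothetical hook that lets tests replace the network call.
    """
    held = {"refresh_token": refresh_token, "access_token": access_token}
    if not any(held.values()):
        raise ValueError("access_token or refresh_token is required")
    results = {}
    for param in TOKEN_PARAMS:
        if not held[param]:
            continue
        request = build_revoke_request(param, held[param])
        try:
            with send(request, timeout=10) as response:
                # The example response on this page is 200 with an empty body.
                results[param] = response.status == 200
        except OSError:  # URLError, HTTPError (4xx/5xx) and timeouts
            results[param] = False
    return results
```

A `False` entry in the result means that token may still be valid, so the caller should retry or flag the logout as incomplete rather than discard the token silently.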