OAuth 2.0 Token Revocation
RFC 7009, “OAuth 2.0 Token Revocation”, is a Proposed Standard document published in August 2013 by T. Lodderstedt, S. Dronia, and M. Scurtescu. The canonical text is published by the RFC Editor.
Abstract
This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to clean up security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7009 is hosted at rfc-editor.org. Available in TXT, HTML.