Token Revocation
This section illustrates how to invalidate the access token and refresh token. When users log out of your application, revoke their access token.
Example request:
Parameters with details:
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | String | Required | The access token or refresh token with the client to be revoked |
| token_type_hint | String | Required | To revoke an access token, use access_token as the value; to revoke a refresh token, use refresh_token as the value |
| client_id | String | Required | Client ID registered with digiRunner |
| client_secret | String | Optional | Scenario I. Higher-Security (Client Password Required): Client Password registered with digiRunner. Scenario II. PKCE + Public Client (Client Password Not Required): when the Public Client (With PKCE) option is selected in digiRunner's OAuth grant type, the parameter is not required. |
Example of Successful Response
Example:
Parameters with details:
| Parameter | Type | Description |
|---|---|---|
| code | String | Custom response code for successful revocation, currently defined as two types: token_revoke_success, the successful token revocation for this session; token_already_revoked, the token has already been revoked. |
| message | String | Details for this successful revocation code |
Example of Error Response
If the client password is incorrect, a 401 Unauthorized HTTP status code and JSON response will be returned.
Example:
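The request parameters and the documented responses can be combined into a logout helper. The following is an added example, not digiRunner's own code. The endpoint URL is a placeholder, and the form-encoded body, the 2xx success status and the `send` transport callback are assumptions not stated on this page.

```python
import json
from urllib.parse import urlencode

# Assumption: placeholder URL; this page does not give the revocation endpoint.
REVOCATION_URL = "https://digirunner.example/REVOCATION_ENDPOINT_PLACEHOLDER"
SUCCESS_CODES = {"token_revoke_success", "token_already_revoked"}
VALID_HINTS = {"access_token", "refresh_token"}


class RevocationError(Exception):
    """Raised when revocation cannot be confirmed, so logout never fails silently."""


def build_revocation_body(token, token_type_hint, client_id, client_secret=None):
    """Encode the documented parameters (form encoding is an assumption)."""
    if token_type_hint not in VALID_HINTS:
        raise ValueError(f"token_type_hint must be one of {sorted(VALID_HINTS)}")
    params = {"token": token, "token_type_hint": token_type_hint, "client_id": client_id}
    # Scenario I sends the client password; Scenario II (public client with PKCE) omits it.
    if client_secret is not None:
        params["client_secret"] = client_secret
    return urlencode(params)


def interpret_response(status, body_text):
    """Return the documented success code or raise RevocationError."""
    if status == 401:
        raise RevocationError("401 Unauthorized: client password rejected")
    try:
        code = json.loads(body_text).get("code")
    except (ValueError, AttributeError):
        code = None
    # Assumption: successful revocations arrive with a 2xx status.
    if not 200 <= status < 300 or code not in SUCCESS_CODES:
        raise RevocationError(f"unexpected response: HTTP {status}, code={code!r}")
    return code


def revoke_on_logout(send, access_token, refresh_token, client_id, client_secret=None):
    """Revoke both tokens; send(url, body) is a caller-supplied transport returning (status, text)."""
    results = {}
    # Refresh token first, so it cannot be used to obtain a new access token in between.
    for hint, token in (("refresh_token", refresh_token), ("access_token", access_token)):
        body = build_revocation_body(token, hint, client_id, client_secret)
        results[hint] = interpret_response(*send(REVOCATION_URL, body))
    return results
```

Treating `token_already_revoked` as success keeps logout idempotent when a user signs out twice or a retry follows a timeout.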