By: Steve Lam user 15 Aug 2018 at 11:39 a.m. CDT

3 Responses
Steve Lam gravatar
It would be really nice to have a revoke endpoint for access/refresh tokens that need to be invalidated, as per [RFC 7009](https://support.gluu.org/access-management/5298/how-to-revoke-a-token-without-a-session/).

By William Lowe user 15 Aug 2018 at 11:48 a.m. CDT

William Lowe gravatar
Agreed. It's on our [roadmap for Gluu 4.0](https://github.com/GluuFederation/oxAuth/issues/784) , ETA mid January. Let us know if you have any questions. Thanks :)

By Steve Lam user 15 Aug 2018 at 12:05 p.m. CDT

Steve Lam gravatar
Ah, I was hoping it was. I looked on the [Roadmap page](https://www.gluu.org/roadmap/), but couldn't find mention of it. Thank you.

By William Lowe user 15 Aug 2018 at 12:14 p.m. CDT

William Lowe gravatar
Ah, good point. I'll run the sync and update the roadmap page tonight.