By: Steve Lam user 15 Aug 2018 at 11:39 a.m. CDT

3 Responses

It would be really nice to have a revoke endpoint for access/refresh tokens that need to be invalidated, as per [RFC 7009](https://support.gluu.org/access-management/5298/how-to-revoke-a-token-without-a-session/).

Ubuntu 16.04

closed

By William Lowe user 15 Aug 2018 at 11:48 a.m. CDT

Copy

Agreed. It's on our [roadmap for Gluu 4.0](https://github.com/GluuFederation/oxAuth/issues/784) , ETA mid January. Let us know if you have any questions. Thanks :)

By Steve Lam user 15 Aug 2018 at 12:05 p.m. CDT

Copy

Ah, I was hoping it was. I looked on the [Roadmap page](https://www.gluu.org/roadmap/), but couldn't find mention of it. Thank you.

By William Lowe user 15 Aug 2018 at 12:14 p.m. CDT

Copy

Ah, good point. I'll run the sync and update the roadmap page tonight.

You need to Login in order to post an answer

Add revoke endpoint per RFC 7009 (OAuth 2.0 Token Revocation)

By: Steve Lam user 15 Aug 2018 at 11:39 a.m. CDT

Answers

By William Lowe user 15 Aug 2018 at 11:48 a.m. CDT

By Steve Lam user 15 Aug 2018 at 12:05 p.m. CDT

By William Lowe user 15 Aug 2018 at 12:14 p.m. CDT

Post an answer