HumanDynamics / openPDS-RegistryServer

openpds.media.mit.edu
MIT License

API for token deletion #6

Closed (newgrounds closed 11 years ago)

newgrounds commented 11 years ago

We need the ability to revoke access tokens.

brian717 commented 11 years ago

Looking over this - what use case do you have in mind? Would the client request that a token be revoked? Do you envision it doing this via a page in a webview, or a request to an endpoint? The reason I ask is the standard OAuth 2.0 spec doesn't include a revocation endpoint; the best we can do in terms of adherence to a spec is a draft revocation spec that expired last November, or a web page. I'd personally lean towards a page on the registry server, as this would allow token revocation from a browser, also. Thoughts?

newgrounds commented 11 years ago

We really need to be able to make a request to an endpoint because we are going to have a switch that turns access on and off from an activity in the app.

brian717 commented 11 years ago

Implemented with commit: 2940ab2dd2065da12dac7da49871edcbcc3032c1. Spec is available here: http://tools.ietf.org/html/draft-ietf-oauth-revocation-00. Endpoint as described in spec is available at /oauth2/revoke. Please test things out.