evert
commented
10 months ago Revoking is an oauth2 extension, not part of the core spec. However, I am interested in supporting this feature.
This would be a pretty easy thing to add, not too different from introspect. Contributions work best when they are written by someone who actively uses the feature so I would encourage you to take a look. If not, I do think we'll add this at some point.
Hi there, looking at the client, I don't see a way to revoke a token. I believe (correct me if I'm wrong) that this is part of the OAuth spec, so it seems reasonable that the client ought to support it. For instance, the discovery server I'm working with returns a
revocation_endpoint.If there's already a way to do this with the client, I apologize. Please point me in the right direction. Otherwise, I would be happy to take a stab at a PR.