owncloud / oauth2

🔐 Application for using OAuth 2.0 in ownCloud
GNU Affero General Public License v3.0

API for clients to revoke access tokens #346

Open miwig opened 1 year ago

miwig commented 1 year ago

It seems that currently the only way to revoke an access token is through the settings page in the web UI. That sends a POST request to /apps/oauth2/clients/{id}/revoke, where {id} is just a database row ID for the client, see here. It seems there's no way to get the {id} for a given client, except for looking it up in the settings page and remembering it, or parsing the HTML, both of which seem brittle.

It would be useful if there was an API to revoke a token given nothing but that token, e.g. for a client application to revoke its own token from its own UI instead of sending users to the settings page.
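A sketch of the checks a token-keyed revocation endpoint would need, loosely modelled on OAuth 2.0 Token Revocation (RFC 7009). This is an added example, not code from the oauth2 app or from either commenter; `TokenStore`, its fields and the sample client names are hypothetical, and the in-memory dictionaries stand in for the server's token table.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def _digest(token: str) -> str:
    # Keep only a hash of each token so a leaked table does not expose bearer tokens.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class TokenStore:
    # Hypothetical in-memory model, not the ownCloud schema.
    client_secrets: dict = field(default_factory=dict)  # client_id -> secret
    tokens: dict = field(default_factory=dict)  # sha256(token) -> (client_id, grant_id)

    def issue(self, client_id: str, grant_id: str, token: str) -> None:
        self.tokens[_digest(token)] = (client_id, grant_id)

    def is_active(self, token: str) -> bool:
        return _digest(token) in self.tokens

    def revoke(self, client_id: str, client_secret: str, token: str):
        """Handle a revocation request; returns (http_status, json_body)."""
        expected = self.client_secrets.get(client_id, "")
        # Authenticate the calling client with a constant-time comparison.
        if not expected or not hmac.compare_digest(
            expected.encode(), client_secret.encode()
        ):
            return 401, {"error": "invalid_client"}

        entry = self.tokens.get(_digest(token))
        # Unknown token: RFC 7009 answers 200. A token owned by another client
        # is treated the same way here (a choice of this example), so the
        # response never reveals whether a given token exists.
        if entry is None or entry[0] != client_id:
            return 200, {}

        # Revoke every token issued under the same grant (access and refresh),
        # so the client cannot mint a fresh access token afterwards.
        for key in [k for k, v in self.tokens.items() if v == entry]:
            del self.tokens[key]
        return 200, {}
```

The lookup is keyed on the token value alone, so the caller never needs the database row ID that the settings-page route requires.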

michaelstingl commented 1 year ago

Did you consider using OpenID Connect with an external IdP? There you have much more control than in the very limited OAuth 2.0 implementation for the ownCloud 10 server.