Token revocation with Spring Authorization Server

To revoke a valid access token, so that the Client Application can no longer use it, we will use the token revocation endpoint. With an Authorization Server built using Spring Authorization Server, you can revoke an access token by sending a POST request to http://localhost:8080/oauth2/revoke.

For example, now I have a RegisteredClient as follows:

Get an access token for this client, then call the token introspection request. You will see the following results:

Now, if I call the token revocation request with 3 parameters in the body of the request (the token to be revoked, the client_id and the client_secret for this access token), you will see the following result:

So we have successfully revoked this access token.

Now if you call the token introspection request again for this access token, you will see that the access token has become invalid, as follows:
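The introspect, revoke, introspect sequence above can be scripted as one check. This is an added example, not code from the original article: the introspection path is assumed to be Spring Authorization Server's default `/oauth2/introspect`, the client is assumed to authenticate with `client_id` and `client_secret` in the form body as in the article's request, and `FakeServer`, the client credentials and the token value are constructed stand-ins so the flow runs offline.

```python
import json
import urllib.parse
import urllib.request

REVOKE = "http://localhost:8080/oauth2/revoke"  # endpoint from the article
# Assumption: introspection is served on Spring Authorization Server's default path.
INTROSPECT = "http://localhost:8080/oauth2/introspect"

def form_post(url, token, client_id, client_secret):
    """Build the POST with the three form parameters the article sends in the body."""
    fields = {"token": token, "client_id": client_id, "client_secret": client_secret}
    return urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_send(req):
    """Real transport: returns (status, parsed JSON body or None if the body is empty)."""
    with urllib.request.urlopen(req, timeout=5) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)

def revoke_and_verify(token, client_id, client_secret, send=http_send):
    """Introspect, revoke, introspect again; report whether the token went inactive."""
    args = (token, client_id, client_secret)
    _, before = send(form_post(INTROSPECT, *args))
    status, _ = send(form_post(REVOKE, *args))
    _, after = send(form_post(INTROSPECT, *args))
    active = lambda body: body.get("active") if isinstance(body, dict) else None
    # RFC 7009 answers 200 even for a token the server does not know, so the
    # status alone proves nothing; only "active": false on re-introspection does.
    return {"active_before": active(before), "revoke_status": status,
            "revoked": status == 200 and active(after) is False}

class FakeServer:
    """Constructed in-memory stand-in for the two endpoints (not Spring code)."""
    def __init__(self, client_id, client_secret, tokens):
        self.client, self.live = (client_id, client_secret), set(tokens)
    def __call__(self, req):
        f = dict(urllib.parse.parse_qsl(req.data.decode()))
        if (f.get("client_id"), f.get("client_secret")) != self.client:
            return 401, {"error": "invalid_client"}
        if req.full_url == REVOKE:
            self.live.discard(f["token"])
            return 200, None
        return 200, {"active": f["token"] in self.live}

if __name__ == "__main__":
    server = FakeServer("demo-client", "demo-secret", {"constructed-token"})
    print(revoke_and_verify("constructed-token", "demo-client", "demo-secret", send=server))
```

Against a running server, call `revoke_and_verify` without the `send` argument; a rejected client authentication then surfaces as `urllib.error.HTTPError` instead of a 401 tuple.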
