Revoke a Token
Use this API to revoke and access_token
or refresh_token
.
The authentication requirements for this request are dependent on the Token Endpoint Authentication Method that is defined on an OpenId Connect application.
- Basic - Client ID and Client Secret are required in the Authorization header.
- POST - Client ID and Client Secret are required in the request body.
- None (PKCE) - Client ID is required in the request body. Do not include Client Secret.
Resource URL
https://<subdomain>.onelogin.com/oidc/2/token/revocation
Header Parameter
Authorization string |
Required if Token Endpoint Authentication Method is set to Basic Set to The e.g. Using Node.js this would be
|
Content-Type required string | application/x-www-form-urlencoded |
Resource Parameter
subdomain required string |
Set to the e.g. |
Request Parameter
token required string |
The When an When a |
token_type_hint string |
Set to |
client_id string |
The OneLogin generated Client ID for your OpenID Connect app. Required if Token Endpoint Authentication method is set to POST or none (PKCE). |
client_secret string |
The OneLogin generated Client Secret for your OpenID Connect app. Required if Token Endpoint Authentication method is set to POST. |
Sample Request Body
token=MmVkMTIyNGUtODI5MC00YzQ4LThkZmQtYzUzYmMzODBkYjY3UV4nmxKh4z....&token_type_hint=access_token
Sample Response
- 200 OK
- 400 Bad Request
- 401 Unauthorized
The token may already have been revoked
{
"error": "unsupported_token_type",
"error_description": "revocation of the presented token type is not supported"
}
The authorization header is invalid
{
"error": "invalid_request",
"error_description": "invalid authorization header value format"
}
{
"error": "invalid_request",
"error_description": "Authentication Failed"
}
{
"error": "invalid_request",
"error_description": "Access is unauthorized"
}
Sample Code
cURL
Replace sample values indicated by < >
with your actual values.
curl -XPOST "https://<subdomain>.onelogin.com/oidc/2/token/revocation" \
-H "Authorization: Basic <base64 encoded client_id:client_secret>" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "token=<access_token>&token_type_hint=access_token"
Postman Collection
Replace sample variables indicated by {{ }}
with your actual values.
Download for the OpenId Connect API
Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.