The revoke token endpoint invalidates any access and refresh tokens issued to the client for the same end-user and session.
To revoke tokens from other sessions belonging to the same end-user, find the other session and revoke tokens for those sessions separately. For more information about finding user sessions, see Call Identity Authentication List Sessions Endpoint.
The token revocation endpoint is implemented according to RFC 7009 OAuth 2.0 Token Revocation.
URI:https://<Cloud Identity Services domain>/oauth2/revoke
The domain part has the following pattern:
<tenant ID>.accounts.ondemand.comor<tenant ID>.accounts.cloud.sap. If you have a configured custom domain, the domain has the following pattern: <your custom domain>.Tenant ID is an automatically generated ID by the system. The first administrator created for the tenant receives an activation email with a URL in it. This URL contains the tenant ID. For more information about your tenants, see View Assigned Tenants and Admins.
**HTTP Method:**POST
|
Header |
Required |
Values |
|---|---|---|
|
|
Yes |
application/x-www-form-urlencoded |
|
|
Yes |
|
|
Parameter |
Required |
Data Type |
Description |
Parameter Type |
|---|---|---|---|---|
|
|
Yes |
string |
Must contain the JWT or opaque token from the issuer. |
Path |
|
|
No |
string |
|
Path |
|
|
No |
string |
Used to identify the corresponding Identity Authentication application.
|
Request body |
token=0ab12345978c51ffe7c4e9a2b1158bb4
Token is successfully revoked.
|
Code |
Reason |
|---|---|
|
200 OK |
Successful operation. |
|
401 Unauthorized |
The client is not authenticated. |