Hjem > idporten > oidc
/revoke endpoint
The /revoke endpoint invalidates all tokens and and the underlying oauth2-grant
Note: I 2022 kommer det ikke-bakoverkompatible endringer i ID-porten.
About
The /revoke endpoint is thoroughly documented in RFC7009
When the client calls the revoke endpoint with valid token (either an access_token or a refresh token), that token and all other tokens associated with the underlying grant - for that specific client only - are invalidated in ID-porten.
Note that the SSO-session itself is NOT affected by a revoke, and any tokens issued to other clients during the same SSO-session are still valid.