{"draft":"draft-ietf-oauth-revocation-11","doc_id":"RFC7009","title":"OAuth 2.0 Token Revocation","authors":["T. Lodderstedt, Ed.","S. Dronia","M. Scurtescu"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Web Authorization Protocol","abstract":"This document proposes an additional endpoint for OAuth authorization\r\nservers, which allows clients to notify the authorization server that\r\na previously obtained refresh or access token is no longer needed.\r\nThis allows the authorization server to clean up security\r\ncredentials.  A revocation request will invalidate the actual token\r\nand, if applicable, other tokens based on the same authorization\r\ngrant.","pub_date":"August 2013","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7009","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7009"}