KEYCLOAK-5325 Provide OAuth token revocation capability

2020-03-05 09:16:57 +09:00 · 2020-03-05 09:16:57 +09:00 · d3e18744a8
commit d3e18744a8
parent 92450fb82b
2 changed files with 12 additions and 0 deletions
--- a/securing_apps/topics/oidc/oidc-generic.adoc
+++ b/securing_apps/topics/oidc/oidc-generic.adoc
@ -84,6 +84,16 @@ The dynamic client registration endpoint is used to dynamically register clients
 For more details see the <<_client_registration,Client Registration chapter>> and the
 https://openid.net/specs/openid-connect-registration-1_0.html[OpenID Connect Dynamic Client Registration specification].

+[[_token_revocation_endpoint]]
+===== Token Revocation Endpoint
+....
+/realms/{realm-name}/protocol/openid-connect/revoke
+....
+
+The token revocation endpoint is used to revoke tokens.
+
+For more details on how to invoke on this endpoint, see https://tools.ietf.org/html/rfc7009[OAuth 2.0 Token Revocation specification].
+
 ==== Validating Access Tokens

 If you need to manually validate access tokens issued by {project_name} you can invoke the <<_token_introspection_endpoint,Introspection Endpoint>>.
--- a/server_admin/topics/sso-protocols/oidc.adoc
+++ b/server_admin/topics/sso-protocols/oidc.adoc
@ -104,5 +104,7 @@ _/auth_:  i.e. $$https://localhost:8080/auth$$
  This is the URL endpoint for performing logouts.
 /realms/{realm-name}/protocol/openid-connect/userinfo::
  This is the URL endpoint for the User Info service described in the OIDC specification.
+/realms/{realm-name}/protocol/openid-connect/revoke::
+  This is the URL endpoint for OAuth 2.0 Token Revocation described in https://tools.ietf.org/html/rfc7009[RFC7009].

 In all of these replace _{realm-name}_ with the name of the realm.