KEYCLOAK-5325 Provide OAuth token revocation capability

securing_apps/topics/oidc/oidc-generic.adoc

@@ -84,6 +84,16 @@ The dynamic client registration endpoint is used to dynamically register clients
 For more details see the <<_client_registration,Client Registration chapter>> and the
 https://openid.net/specs/openid-connect-registration-1_0.html[OpenID Connect Dynamic Client Registration specification].
 
+[[_token_revocation_endpoint]]
+===== Token Revocation Endpoint
+....
+/realms/{realm-name}/protocol/openid-connect/revoke
+....
+
+The token revocation endpoint is used to revoke tokens.
+
+For more details on how to invoke on this endpoint, see https://tools.ietf.org/html/rfc7009[OAuth 2.0 Token Revocation specification].
+
 ==== Validating Access Tokens
 
 If you need to manually validate access tokens issued by {project_name} you can invoke the <<_token_introspection_endpoint,Introspection Endpoint>>.

server_admin/topics/sso-protocols/oidc.adoc

@@ -104,5 +104,7 @@ _/auth_:  i.e. $$https://localhost:8080/auth$$
   This is the URL endpoint for performing logouts.
 /realms/{realm-name}/protocol/openid-connect/userinfo::
   This is the URL endpoint for the User Info service described in the OIDC specification.
+/realms/{realm-name}/protocol/openid-connect/revoke::
+  This is the URL endpoint for OAuth 2.0 Token Revocation described in https://tools.ietf.org/html/rfc7009[RFC7009].
 
 In all of these replace _{realm-name}_ with the name of the realm.