RFC 7009 token revocation endpoint.
Provides handle-revocation-request for revoking access and refresh tokens.
The endpoint always returns 200 on successful authentication, even for unknown
tokens, to prevent token-scanning attacks per RFC 7009 §2.2.
(handle-revocation-request params authorization-header client-store token-store)

Processes an RFC 7009 token revocation request.
Authenticates the client via oidc-provider.token-endpoint/authenticate-client,
validates the token parameter is present, and revokes the token from
token-store. Returns {:status 200} on success (including for unknown
tokens per RFC 7009 §2.2), {:status 400} when the token parameter is
missing, or {:status 401} on authentication failure.
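
The status contract described above, modelled as a stand-alone sketch. This is an added example, not the library's code: `revoke`, `clients`, `tokens`, the string-keyed `params` map and the HTTP Basic parsing are assumptions standing in for the library's stores and for `authenticate-client`.

```clojure
(ns revocation-sketch
  (:require [clojure.string :as str])
  (:import (java.util Base64)
           (java.security MessageDigest)))

;; Constructed sample data; a real deployment keeps hashed client secrets.
(def clients {"app-1" "s3cret"})
(def tokens (atom #{"tok-live"}))

(defn- basic-credentials
  "Decodes an HTTP Basic header into [client-id secret]; nil when malformed."
  [header]
  (try
    (when-let [[_ b64] (and header (re-matches #"(?i)Basic\s+(\S+)" header))]
      (let [decoded     (String. (.decode (Base64/getDecoder) ^String b64) "UTF-8")
            [id secret] (str/split decoded #":" 2)]
        (when secret [id secret])))
    (catch IllegalArgumentException _ nil)))   ; invalid base64

(defn- authenticated?
  "Compares the presented secret in constant time against the registered one."
  [header]
  (when-let [[id secret] (basic-credentials header)]
    (when-let [expected (get clients id)]
      (MessageDigest/isEqual (.getBytes ^String expected "UTF-8")
                             (.getBytes ^String secret "UTF-8")))))

(defn revoke
  "Client authentication first, then the token parameter, then revocation."
  [params authorization-header]
  (cond
    (not (authenticated? authorization-header)) {:status 401}
    (str/blank? (get params "token"))           {:status 400}
    ;; disj on an absent token is a no-op, so known and unknown tokens
    ;; take the same path and produce the same response.
    :else (do (swap! tokens disj (get params "token"))
              {:status 200})))

(def auth
  (str "Basic " (.encodeToString (Base64/getEncoder)
                                 (.getBytes "app-1:s3cret" "UTF-8"))))

;; An authenticated caller cannot tell a live token from a guessed one.
(assert (= {:status 200}
           (revoke {"token" "tok-live"} auth)
           (revoke {"token" "no-such-token"} auth)))
(assert (= {:status 400} (revoke {} auth)))
(assert (= {:status 401} (revoke {"token" "tok-live"} "Basic !!!")))
(assert (= {:status 401} (revoke {"token" "tok-live"} nil)))
```
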
Malli schema for an RFC 7009 token revocation request.