Revoke the token
Revoking tokens prevents orphan grants; therefore it is crucial to revoke the
tokens.
When you revoke the tokens depends on how your application is handling the refresh and access token. Tokens should be revoked before they are discarded by your application or when you want the user/resource owner to reconfirm the grant. After the refresh token is revoked, the corresponding access token and grant are revoked as well.
Use these parameters to revoke the token using the HTTP POST operation for the IFS CE token endpoint:
- token - refresh token
- token_type_hint=refresh_token
- client id - Use as the username for HTTP basic authentication
- client secret - Use as the password for HTTP basic authentication