Authlete
Request to Authlete's /api/auth/revocation API.
Properties

| Type | Property | Description |
|---|---|---|
| string | Parameters [get, set] | Request parameters that the revocation endpoint (RFC 7009) of the authorization server received from a client application. |
| string | ClientId [get, set] | The client ID extracted from the Authorization header of the revocation request from the client application. |
| string | ClientSecret [get, set] | The client secret extracted from the Authorization header of the revocation request from the client application. |
The entity body of a revocation request may contain a pair of client ID and client secret (client_id and client_secret) along with other request parameters as described in 2.3.1. Client Password of RFC 6749. If the client credentials are contained in both the Authorization header and the entity body, they must be identical. Otherwise, Authlete's /api/auth/revocation API generates an error (it's not a service error but a client error).
When the presented token is an access token, Authlete revokes the access token and its associated refresh token, too. Likewise, if the presented token is a refresh token, Authlete revokes the refresh token and its associated access token. Note, however, that other access tokens and refresh tokens are not revoked, even if their associated client application, subject and grant type are equal to those of the token to be revoked.
string ClientId [get, set]

The client ID extracted from the Authorization header of the revocation request from the client application.

If the revocation endpoint of the authorization server supports Basic Authentication as a means of client authentication, and if the request from the client application contained its client ID in the Authorization header, the value should be extracted from there and set to this property.
string ClientSecret [get, set]

The client secret extracted from the Authorization header of the revocation request from the client application.

If the revocation endpoint of the authorization server supports Basic Authentication as a means of client authentication, and if the request from the client application contained its client secret in the Authorization header, the value should be extracted from there and set to this property.
string Parameters [get, set]

Request parameters that the revocation endpoint (RFC 7009) of the authorization server received from a client application.

The value of the "parameters" request parameter is the entire entity body (which is formatted in application/x-www-form-urlencoded) of the request from the client application.
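
One way a revocation endpoint could populate the three properties above from an incoming request, as an added example that is not code from the Authlete library. RevocationRequestSketch and RevocationRequestBuilder are hypothetical stand-ins that mirror only the documented properties, and the sample credentials and token are constructed.

```csharp
using System;
using System.Text;

// Stand-in for illustration: only the three properties documented on this page.
public sealed class RevocationRequestSketch
{
    public string Parameters { get; set; }
    public string ClientId { get; set; }
    public string ClientSecret { get; set; }
}

public static class RevocationRequestBuilder
{
    // authorizationHeader: raw Authorization header value, or null when absent.
    // entityBody: raw application/x-www-form-urlencoded body, forwarded unparsed.
    public static RevocationRequestSketch Build(string authorizationHeader, string entityBody)
    {
        var request = new RevocationRequestSketch { Parameters = entityBody };
        const string scheme = "Basic ";
        if (authorizationHeader == null ||
            !authorizationHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return request; // No Basic credentials: ClientId/ClientSecret stay null.

        string decoded;
        try
        {
            string b64 = authorizationHeader.Substring(scheme.Length).Trim();
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        }
        catch (FormatException) { return request; } // Malformed base64: set nothing.

        int colon = decoded.IndexOf(':'); // First colon only; a secret may contain ':'.
        if (colon < 0) return request;
        // RFC 6749 section 2.3.1: each part is form-urlencoded before base64 encoding.
        request.ClientId = FormDecode(decoded.Substring(0, colon));
        request.ClientSecret = FormDecode(decoded.Substring(colon + 1));
        return request;
    }

    static string FormDecode(string s) => Uri.UnescapeDataString(s.Replace('+', ' '));
    public static void Main()
    {
        // Constructed sample values; the secret "p@ss:word" is form-urlencoded first.
        string header = "Basic " + Convert.ToBase64String(
            Encoding.UTF8.GetBytes("client-1:p%40ss%3Aword"));
        var r = Build(header, "token=SAMPLE_TOKEN&token_type_hint=refresh_token");
        Console.WriteLine($"{r.ClientId} secretLength={r.ClientSecret.Length} {r.Parameters}");
    }
}
```

The entity body is passed through untouched, so any client_id and client_secret it carries reach the API alongside the header-derived values and the identity check described above still applies.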