What is Token Revocation?
Token revocation as defined here is a way the client can notify the authorization server that a previously refresh or access token is no longer needed.
In that way, the client can perform some sort of 'log-out' mechanism.
Currently Problem Facing:
In access token scenario, the type of the token should be JWT, so the client and resource servers cannot differ if the access token they hold is currently active or revocated (cause JWT access token it self-validated via public key and there's no need to use the token introspection for validating the token).
What is Token Revocation?
Token revocation as defined here is a way the client can notify the authorization server that a previously refresh or access token is no longer needed.
In that way, the client can perform some sort of 'log-out' mechanism.
Currently Problem Facing:
In access token scenario, the type of the token should be JWT, so the client and resource servers cannot differ if the access token they hold is currently active or revocated (cause JWT access token it self-validated via public key and there's no need to use the token introspection for validating the token).