Skip to content

Implement token revocation #43

Description

@shakedmanes

What is Token Revocation?

Token revocation as defined here is a way the client can notify the authorization server that a previously refresh or access token is no longer needed.
In that way, the client can perform some sort of 'log-out' mechanism.

Currently Problem Facing:

In access token scenario, the type of the token should be JWT, so the client and resource servers cannot differ if the access token they hold is currently active or revocated (cause JWT access token it self-validated via public key and there's no need to use the token introspection for validating the token).

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestfeatureFeature perspective

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions