Revoke
The revocation endpoint advertised in the OpenID Connect (OIDC) discovery document lets a client revoke tokens it holds (access tokens or refresh tokens), following the OAuth 2.0 Token Revocation specification (RFC 7009). A revoked token is invalidated and can no longer be used. This is useful for implementing logout and for retiring tokens at the end of their lifecycle, for example when a user disconnects an integration or when a token may have been exposed.
Endpoint Details
In the provided configuration, the revocation endpoint is:
"revocation_endpoint": "https://ed.link/api/authentication/oidc/revoke"
How to Use the Revocation Endpoint
1. Prepare the Revocation Request
To use the revocation endpoint, send a POST request with a form-urlencoded body (Content-Type: application/x-www-form-urlencoded) and authenticate as the client. Here's a breakdown of the required parameters:
- token: The token that you want to revoke (access token or refresh token), sent in the POST body.
- Authorization: HTTP Basic authentication header containing the base64-encoded client_id:client_secret. Treat the client secret as a credential: keep it server-side and out of logs.
2. Construct the Revocation Request
Here is an example of how to construct the revocation request using axios in Node.js:
const axios = require('axios');
const qs = require('qs');

// The endpoint expects a form-urlencoded body carrying the token to revoke
let data = qs.stringify({
  token: 'YOUR_TOKEN'
});

let config = {
  method: 'post',
  url: 'https://ed.link/api/authentication/oidc/revoke',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    // Client authentication: HTTP Basic with base64("client_id:client_secret")
    Authorization: 'Basic ' + Buffer.from('YOUR_CLIENT_ID:YOUR_CLIENT_SECRET').toString('base64')
  },
  data: data
};

axios
  .request(config)
  .then((response) => {
    // A 200 response means the token is revoked (or was already invalid); the body is empty
    console.log('token revoked, status', response.status);
  })
  .catch((error) => {
    // Log only the status and body. The full axios error object includes the
    // request config, and with it the Authorization header and client secret.
    if (error.response) {
      console.error('revocation failed', error.response.status, error.response.data);
    } else {
      console.error('revocation request error', error.message);
    }
  });
Replace the placeholders with your actual values:
- YOUR_TOKEN: The token you want to revoke.
- YOUR_CLIENT_ID: Your registered client ID.
- YOUR_CLIENT_SECRET: Your client secret.
3. Send the Revocation Request
The request above sends a POST request to the revocation endpoint with the required parameters and authorization header.
4. Handle the Revocation Response
A successful revocation returns an HTTP 200 status with an empty body. Treat the 200 status as the confirmation, rather than inspecting the body, and proceed with whatever your application does after revocation (for example, clearing the user's session).
Error Handling
If an error occurs during the revocation process, handle it appropriately. The most common error is rejected client credentials (an HTTP 401 with the error code invalid_client); a wrong or already-revoked token is not reported as an error (see Error Handling in the Implementation below). The catch block in the example code captures these errors. Log only the status code and response body: the full axios error object carries the request configuration, including the Authorization header with your client secret.
Example Flow
- Receive a Token Revocation Request: Your application receives a request to revoke a token (e.g., user logs out).
- Revoke the Token: Send the token to the revocation endpoint to invalidate it.
- Handle the Response: Based on the response, confirm that the token has been successfully revoked.
Error Handling in the Implementation
If the token is already revoked, unknown, or otherwise invalid, the endpoint still returns a success response. This is the behaviour RFC 7009 specifies: a client cannot do anything useful with an "invalid token" error, and the endpoint avoids revealing whether a submitted token was ever valid. If there is an error during the revocation process on the server side, such as a database issue, the endpoint returns an error response; treat that as a failure to retry or report, never as confirmation that the token is gone.
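The steps above (building the form body and Basic credential, sending the POST, classifying the response) put together as one small client, written for this page as an added example rather than Edlink's own code. It uses the global fetch() and Response available in Node 18+, encodes the client ID and secret per RFC 6749 section 2.3.1 before base64 encoding them, and interprets results the way RFC 7009 defines them. The client credentials, token values and the fake server are constructed placeholders; the optional token_type_hint parameter is the RFC 7009 one, and whether this endpoint honours it is not stated on this page, so it is assumed to be accepted or ignored.

```javascript
// Added example, not part of the original page or Edlink's SDK.
// Endpoint URL is the one from the discovery document above.
const REVOCATION_ENDPOINT = 'https://ed.link/api/authentication/oidc/revoke';

// RFC 6749 section 2.3.1: form-urlencode client_id and client_secret before
// joining with ':' and base64 encoding for HTTP Basic. This matters when a
// secret contains ':' or other reserved characters.
function basicAuthHeader(clientId, clientSecret) {
  const pair = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

// Build the request (method, headers, body) without sending it, so it can be
// inspected offline. tokenTypeHint is 'access_token' or 'refresh_token'
// (optional RFC 7009 parameter; assumed accepted or ignored by this endpoint).
function buildRevocationRequest({ token, clientId, clientSecret, tokenTypeHint }) {
  const params = new URLSearchParams({ token });
  if (tokenTypeHint) params.set('token_type_hint', tokenTypeHint);
  return {
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: basicAuthHeader(clientId, clientSecret),
    },
    body: params.toString(),
  };
}

// Classify the response per RFC 7009: 200 means revoked (or already invalid);
// 401 / invalid_client means our credentials were rejected; a 5xx is a server
// failure worth retrying. Body parsing is defensive because success is empty.
async function interpretRevocationResponse(response) {
  if (response.status === 200) {
    return { ok: true, reason: 'revoked', retryable: false };
  }
  let body = {};
  try { body = await response.json(); } catch (e) { /* empty or non-JSON body */ }
  if (response.status === 401 || body.error === 'invalid_client') {
    return { ok: false, reason: 'invalid_client', retryable: false };
  }
  if (body.error === 'unsupported_token_type') {
    return { ok: false, reason: 'unsupported_token_type', retryable: false };
  }
  return { ok: false, reason: `http_${response.status}`, retryable: response.status >= 500 };
}

// Send the revocation. fetchImpl is injectable so the flow can be exercised
// against a fake server offline; it defaults to the global fetch.
async function revokeToken(opts, fetchImpl = globalThis.fetch) {
  const request = buildRevocationRequest(opts);
  const response = await fetchImpl(REVOCATION_ENDPOINT, request);
  const result = await interpretRevocationResponse(response);
  // Never log `request`: its Authorization header carries the client secret.
  if (!result.ok) console.error(`revocation failed: ${result.reason}`);
  return result;
}

// Constructed stand-in for the server, used only so the example runs offline.
// It knows one client credential pair and rejects everything else with
// invalid_client; any token value is accepted, as RFC 7009 prescribes.
function fakeEdlinkFetch(url, request) {
  const expectedAuth = basicAuthHeader('demo-client', 'demo-secret');
  if (request.headers.Authorization !== expectedAuth) {
    return Promise.resolve(new Response(JSON.stringify({ error: 'invalid_client' }), { status: 401 }));
  }
  return Promise.resolve(new Response(null, { status: 200 }));
}

// Usage against the fake server (swap in the default fetch for the real endpoint):
revokeToken({ token: 'rt_example', clientId: 'demo-client', clientSecret: 'demo-secret', tokenTypeHint: 'refresh_token' }, fakeEdlinkFetch)
  .then((r) => console.log('outcome:', r.reason));
```

The separation between buildRevocationRequest and revokeToken is deliberate: the request builder is pure and can be unit-tested, and the only object that ever holds the client secret is the one handed to fetch, which keeps it out of error handlers and log lines.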
Conclusion
Using the revocation endpoint involves sending a POST request with the token and client credentials to invalidate the token. This helps manage the token lifecycle and ensure that tokens are not misused after they are no longer needed.