rfc7009 — Search

US RFC 7009 - OAuth 2.0 Token Revocation

https://datatracker.ietf.org/doc/rfc7009

…how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7009. Lodderstedt, et al. Standards Track [Page 1] RFC 7009 Token Revocation August 2013 Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All right…

2026-04-25 18:52 View archive →

US RFC 7009: OAuth 2.0 Token Revocation

https://www.rfc-editor.org/rfc/rfc7009

…how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7009 . Lodderstedt, et al. Standards Track [Page 1] RFC 7009 Token Revocation August 2013 Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All righ…

2026-04-25 14:58 View archive →

US IndieAuth

https://www.w3.org/TR/indieauth

…he user signs out of the client. IndieAuth extends OAuth 2.0 Token Revocation [ RFC7009 ] by defining the following: The revocation endpoint is the same as the token endpoint. The revocation request includes an additional parameter, action=revoke . An example revocation request i…

2026-04-25 02:03 View archive →

US Comprehensive Learner Record Standard Version 2.0 | IMS Global Learning Consortium

https://www.imsglobal.org/spec/clr/v2p0

…tion of an access token is useful. The Token Revocation process is based upon [ RFC7009 ]. The client requests the revocation of a particular token by making an HTTP POST request (using TLS) to the token revocation endpoint URL. Note that [ RFC7009 ] states that implementations M…

2026-04-24 12:22 View archive →

US Open Badges Specification | IMS Global Learning Consortium

https://www.imsglobal.org/spec/ob/v3p0

…tion of an access token is useful. The Token Revocation process is based upon [ RFC7009 ]. The client requests the revocation of a particular token by making an HTTP POST request (using TLS) to the token revocation endpoint URL. Note that [ RFC7009 ] states that implementations M…

2026-04-24 10:40 View archive →

US IndieAuth

https://indieauth.spec.indieweb.org

…user signs out of the client. IndieAuth implements OAuth 2.0 Token Revocation [ RFC7009 ] using the revocation endpoint defined in the server metadata: 7.1 Token Revocation Request An example revocation request is below. Example 16 POST https://indieauth.example.com/revocation HT…

2026-04-24 10:28 View archive →

US draft-ietf-oauth-v2-1-13

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13

… Model and Security Considerations" RFC 6819 DOI 10.17487/RFC6819 January 2013 [RFC7009] Lodderstedt, T., Ed. Dronia, S. , and M. Scurtescu "OAuth 2.0 Token Revocation" RFC 7009 DOI 10.17487/RFC7009 August 2013 [RFC7519] Jones, M. Bradley, J. , and N. Sakimura "JSON Web Token (JW…

2026-04-24 19:48 View archive →

US RFC Errata Report » RFC Editor

http://www.rfc-editor.org/errata_search.php

…ond the scope of this specification. Notes: It appears as though the authors of RFC7009 have failed to consider that requests to revoke are likely to come from non-confidential clients and such, would lack authentication credentials. Regardless of the type of client however, auth…

2026-04-24 09:24 View archive →

US RFC Errata Report » RFC Editor

https://www.rfc-editor.org/errata_search.php

…ond the scope of this specification. Notes: It appears as though the authors of RFC7009 have failed to consider that requests to revoke are likely to come from non-confidential clients and such, would lack authentication credentials. Regardless of the type of client however, auth…

2026-04-24 07:35 View archive →