{
  "draft": "draft-ietf-oauth-revocation-11",
  "doc_id": "RFC7009",
  "title": "OAuth 2.0 Token Revocation",
  "authors": [
    "T. Lodderstedt, Ed.",
    "S. Dronia",
    "M. Scurtescu"
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "11",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Web Authorization Protocol",
  "abstract": "This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed.  This allows the authorization server to clean up security credentials.  A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant.",
  "pub_date": "August 2013",
  "keywords": [],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC7009",
  "errata_url": "https://www.rfc-editor.org/errata/rfc7009"
}