Revoke Refresh Token
POST <https://auth3.upbond.io/oauth/revoke>
Content-Type: application/json
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"token": "YOUR_REFRESH_TOKEN"
}curl --request POST \\
--url '<https://auth3.upbond.io/oauth/revoke>' \\
--header 'content-type: application/json' \\
--data '{ "client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET", "token": "YOUR_REFRESH_TOKEN" }'var request = require("request");
var options = {
method: 'POST',
url: '<https://auth3.upbond.io/oauth/revoke>',
headers: { 'content-type': 'application/json' },
body: {
client_id: 'YOUR_CLIENT_ID',
client_secret: 'YOUR_CLIENT_SECRET',
token: 'YOUR_REFRESH_TOKEN'
},
json: true
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});RESPONSE SAMPLE:
HTTP/1.1 200 OK
(empty-response-body)Use this endpoint to invalidate a Refresh Token if it has been compromised.
Request Parameters
client_id Required
Your application's Client ID.
client_assertion
A JWT containing a signed assertion with your application credentials. Required if the application uses Private Key JWT as the authentication method.
client_assertion_type
The value should be urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Required when using Private Key JWT.
client_secret
Your application's Client Secret. Required when the application is configured with Client Secret Basic or Client Secret Post. Not required if tokenEndpointAuthMethod is set to none.
token Required
The Refresh Token to revoke.
Remarks
For applications that cannot securely store a Client Secret (such as native apps), this endpoint supports omitting the
client_secret. However, the application'stokenEndpointAuthMethodproperty must be set tonone.If your application is configured to revoke grants along with tokens, all refresh tokens associated with the same grant (e.g., for the same user, application, and audience) will be revoked.
Last updated
Was this helpful?