search

Revoke Refresh Token

POST <https://auth3.upbond.io/oauth/revoke>
Content-Type: application/json
{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "token": "YOUR_REFRESH_TOKEN"
}
curl --request POST \\
  --url '<https://auth3.upbond.io/oauth/revoke>' \\
  --header 'content-type: application/json' \\
  --data '{ "client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET", "token": "YOUR_REFRESH_TOKEN" }'
var request = require("request");

var options = {
  method: 'POST',
  url: '<https://auth3.upbond.io/oauth/revoke>',
  headers: { 'content-type': 'application/json' },
  body: {
    client_id: 'YOUR_CLIENT_ID',
    client_secret: 'YOUR_CLIENT_SECRET',
    token: 'YOUR_REFRESH_TOKEN'
  },
  json: true
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

RESPONSE SAMPLE:

Use this endpoint to invalidate a Refresh Token if it has been compromised.

hashtag
Request Parameters

Parameter
Description

client_id Required

Your application's Client ID.

client_assertion

A JWT containing a signed assertion with your application credentials. Required if the application uses Private Key JWT as the authentication method.

client_assertion_type

The value should be urn:ietf:params:oauth:client-assertion-type:jwt-bearer. Required when using Private Key JWT.

client_secret

Your application's Client Secret. Required when the application is configured with Client Secret Basic or Client Secret Post. Not required if tokenEndpointAuthMethod is set to none.

token Required

The Refresh Token to revoke.

hashtag
Remarks

  • For applications that cannot securely store a Client Secret (such as native apps), this endpoint supports omitting the client_secret. However, the application's tokenEndpointAuthMethod property must be set to none.

  • If your application is configured to revoke grants along with tokens, all refresh tokens associated with the same grant (e.g., for the same user, application, and audience) will be revoked.

PreviousRefresh TokenNextErrors

Last updated

Was this helpful?