Token Revocation and Logging Out
Explore how to revoke access and refresh tokens
Token revocation and logout are two related concepts. Both can be called for a variety of similar reasons, such as a user logging off, a security breach, or a change in permissions. The primary difference lies in their scope of action.
Token revocation focuses on invalidating a specific authentication token while keeping the user's session active. On the other hand, when a user logs out, their session is completely terminated for all applications, and they must re-authenticate to access protected resources.
You can make a similar API call to HyperID for either action:

Logout:

POST /auth/realms/HyperID/protocol/openid-connect/logout HTTP/1.1
Host: login.hypersecureid.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 98

refresh_token=your.refresh.token
&client_id=your_app_client_id
&client_secret=your_app_client_secret

Revoke:

POST /auth/realms/HyperID/protocol/openid-connect/revoke HTTP/1.1
Host: login.hypersecureid.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 90

token=your.refresh.token
&client_id=your_app_client_id
&client_secret=your_app_client_secret

These API calls include the refresh token (as the refresh_token parameter for Logout, or as the token parameter for Revoke) together with the client_id and client_secret from your client's configuration settings (see the Client Registration chapter for details).

Both requests end with the same simple response:

HTTP/1.1 200 OK

Below are examples of the implemented 'Logout' requests:

# cURL
curl --location 'https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'refresh_token=your.refresh.token' \
--data-urlencode 'client_id=your_app_client_id' \
--data-urlencode 'client_secret=your_app_client_secret'

// JavaScript (Fetch API)
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

// Form-encoded body: the refresh token plus the client credentials
var urlencoded = new URLSearchParams();
urlencoded.append("refresh_token", "your.refresh.token");
urlencoded.append("client_id", "your_app_client_id");
// Keep client_secret in server-side code only; do not ship it to the browser
urlencoded.append("client_secret", "your_app_client_secret");

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow'
};

fetch("https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

// Node.js (Axios)
const axios = require('axios');
const qs = require('qs');

// Form-encoded body: the refresh token plus the client credentials
let data = qs.stringify({
  'refresh_token': 'your.refresh.token',
  'client_id': 'your_app_client_id',
  'client_secret': 'your_app_client_secret'
});

let config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  data: data
};

axios.request(config)
  .then((response) => {
    console.log(JSON.stringify(response.data));
  })
  .catch((error) => {
    console.log(error);
  });

# Python (http.client)
import http.client
from urllib.parse import urlencode

conn = http.client.HTTPSConnection("login.hypersecureid.com")
# URL-encode the form fields so special characters in the values survive
payload = urlencode({
    'refresh_token': 'your.refresh.token',
    'client_id': 'your_app_client_id',
    'client_secret': 'your_app_client_secret'
})
headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("POST", "/auth/realms/HyperID/protocol/openid-connect/logout", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

// C# (HttpClient)
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/logout");

// Form-encoded body: the refresh token plus the client credentials
var collection = new List<KeyValuePair<string, string>>();
collection.Add(new("refresh_token", "your.refresh.token"));
collection.Add(new("client_id", "your_app_client_id"));
collection.Add(new("client_secret", "your_app_client_secret"));
var content = new FormUrlEncodedContent(collection);
request.Content = content;

var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
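
The examples above cover only Logout. The Python sketch below is an added example, not part of the HyperID documentation: it sends either Logout or Revoke with the correct token parameter name, URL-encodes the fields, and fails loudly on a non-200 status. The function names, the HYPERID_* environment variable names, and the rule that any status other than 200 is a failure are assumptions of this example.

```python
import http.client
import os
from urllib.parse import urlencode

HOST = "login.hypersecureid.com"
BASE = "/auth/realms/HyperID/protocol/openid-connect/"
# Logout sends the refresh token as refresh_token, Revoke sends it as token.
TOKEN_PARAM = {"logout": "refresh_token", "revoke": "token"}


def build_request(action, refresh_token, client_id, client_secret):
    """Return (path, body, headers) for a Logout or Revoke call."""
    if action not in TOKEN_PARAM:
        raise ValueError(f"unknown action: {action!r}")
    body = urlencode({
        TOKEN_PARAM[action]: refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return BASE + action, body, headers


def https_post(path, body, headers):
    """Default transport: HTTPS with certificate validation; returns the status."""
    conn = http.client.HTTPSConnection(HOST, timeout=10)
    try:
        conn.request("POST", path, body, headers)
        return conn.getresponse().status
    finally:
        conn.close()


def end_token(action, refresh_token, client_id, client_secret, post=https_post):
    """Send the call. Assumption: any status other than 200 is a failure."""
    path, body, headers = build_request(action, refresh_token, client_id, client_secret)
    status = post(path, body, headers)
    if status != 200:
        # Report the status only; never put the token or secret in an error or log.
        raise RuntimeError(f"{action} failed with HTTP {status}")
    return True


if __name__ == "__main__":
    # The HYPERID_* variable names are assumptions of this example.
    end_token("revoke", os.environ["HYPERID_REFRESH_TOKEN"],
              os.environ["HYPERID_CLIENT_ID"], os.environ["HYPERID_CLIENT_SECRET"])
```

The `post` argument lets a test substitute a fake transport, so the request that would be sent can be inspected without contacting the server.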