RFC 7009: Token Revocation

tools.ietf.org/html/rfc7009

The Token Revocation extension defines a mechanism for clients to indicate to the authorization server that an access token is no longer needed. This is used to enable a "log out" feature in clients, allowing the authorization server to clean up any security credentials associated with the authorization.

Related Specs:

• OAuth 2.0 Bearer Token Usage (RFC 6750)
• Token Introspection (RFC 7662)
• JSON Web Token (RFC 7519)
• JWT Profile for Access Tokens

More resources

• Revoking Access (oauth.com)