TsgcHTTP_OAuth2_Client.OnAfterRevokeToken
Click here to see this page in full context

TsgcHTTP_OAuth2_ClientEvents › OnAfterRevokeToken

OnAfterRevokeToken Event

Fires after the revocation endpoint successfully invalidates the token.

Syntax

property OnAfterRevokeToken: TsgcOnAuth2AfterRevokeToken;
// TsgcOnAuth2AfterRevokeToken = procedure(Sender: TObject; const Token, TokenTypeHint, RawResponse: String) of object

Default Value

Remarks

OnAfterRevokeToken is raised when the authorization server answers the revocation request with a 200 OK. Per RFC 7009 the body is normally empty, so Token echoes the token that was revoked, TokenTypeHint echoes the hint (access_token or refresh_token) that was sent with the request, and RawResponse contains any raw body the server chose to return. After this event the revoked token can no longer be used at the resource server; the application should clear any cached copy.

Example


procedure OnOAuth2AfterRevokeToken(Sender: TObject; const Token, TokenTypeHint, RawResponse: string);
begin
  DoLog('AfterRevokeToken: ' + TokenTypeHint + ' revoked');
  // drop any cached copy of the revoked token
  ClearStoredToken(Token);
end;

Back to Events