TsgcHTTP_OAuth2_Client › Methods › Revoke
Revokes an access or refresh token per RFC 7009.
procedure Revoke(const aToken: String; const aTokenTypeHint: String = '');| Name | Type | Description |
|---|---|---|
aToken | const String | The access or refresh token to invalidate at the authorization server. |
aTokenTypeHint | const String | Optional hint about the token type, typically 'access_token' or 'refresh_token'. Defaults to an empty string, which lets the server infer the type. |
Sends a POST request to AuthorizationServerOptions.RevocationURL as defined in RFC 7009, asking the authorization server to invalidate the supplied token. Requires AuthorizationServerOptions.RevocationURL to be set. The OnBeforeRevokeToken, OnAfterRevokeToken and OnErrorRevokeToken events are raised during the operation.
// Revoke the current access token
OAuth2Client.Revoke(OAuth2Client.AccessToken, 'access_token');
// Revoke a refresh token
OAuth2Client.Revoke(OAuth2Client.CurrentRefreshToken, 'refresh_token');
// Revoke without specifying the token type hint
OAuth2Client.Revoke(OAuth2Client.AccessToken);