TsgcHTTP_OAuth2_Server › Methods › RemoveToken
Revokes a specific access token previously issued by the server.
function RemoveToken(const aToken: string): Boolean;| Name | Type | Description |
|---|---|---|
aToken | const string | The access token string to invalidate. It must match a token currently held in the server store. |
Returns True when the token is found and removed from the store; False when no matching token exists. (Boolean)
After the token is removed, any subsequent request presenting it fails the IsOAuth2TokenValid check and the client is treated as unauthorized. Use RemoveTokenByRefreshToken when you only know the refresh token.
// Forcibly revoke an access token (for example, after a logout)
if OAuth2.RemoveToken('abc123accesstoken') then
WriteLn('Token revoked');