RFC 7009: Token Revocation
The Token Revocation extension defines a mechanism for clients to indicate to the authorization server that an access token is no longer needed. This is used to enable a "log out" feature in clients, allowing the authorization server to clean up any security credentials associated with the authorization.
Related Specs:
- OAuth 2.0 Bearer Token Usage (RFC 6750)
- Token Introspection (RFC 7662)
- JSON Web Token (RFC 7519)
- JWT Profile for Access Tokens
More resources
- Revoking Access (oauth.com)