Class TokenRevocationRequest

  • All Implemented Interfaces:
    Message, Request

    @Immutable
    public final class TokenRevocationRequest
    extends AbstractOptionallyIdentifiedRequest
    Token revocation request. Used to revoke an issued access or refresh token.

    Example token revocation request for a confidential client:

     POST /revoke HTTP/1.1
     Host: server.example.com
     Content-Type: application/x-www-form-urlencoded
     Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    
     token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token
     

    Example token revocation request for a public client:

     POST /revoke HTTP/1.1
     Host: server.example.com
     Content-Type: application/x-www-form-urlencoded
    
     token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token&client_id=123456
     

    Related specifications:

    • OAuth 2.0 Token Revocation (RFC 7009), section 2.1.
    • Constructor Detail

      • TokenRevocationRequest

        public TokenRevocationRequest​(URI uri,
                                      ClientAuthentication clientAuth,
                                      Token token)
        Creates a new token revocation request for a confidential client.
        Parameters:
        uri - The URI of the token revocation endpoint. May be null if the toHTTPRequest() method will not be used.
        clientAuth - The client authentication. Must not be null.
        token - The access or refresh token to revoke. Must not be null.
      • TokenRevocationRequest

        public TokenRevocationRequest​(URI uri,
                                      ClientID clientID,
                                      Token token)
        Creates a new token revocation request for a public client.
        Parameters:
        uri - The URI of the token revocation endpoint. May be null if the toHTTPRequest() method will not be used.
        clientID - The client ID. Must not be null.
        token - The access or refresh token to revoke. Must not be null.
    • Method Detail

      • getToken

        public Token getToken()
        Returns the token to revoke. The instanceof operator can be used to infer the token type. If it's neither AccessToken nor RefreshToken the token_type_hint has not been provided as part of the token revocation request.
        Returns:
        The token.
      • toHTTPRequest

        public HTTPRequest toHTTPRequest()
        Description copied from interface: Request
        Returns the matching HTTP request.
        Returns:
        The HTTP request.
      • parse

        public static TokenRevocationRequest parse​(HTTPRequest httpRequest)
                                            throws ParseException
        Parses a token revocation request from the specified HTTP request.
        Parameters:
        httpRequest - The HTTP request. Must not be null.
        Returns:
        The token revocation request.
        Throws:
        ParseException - If the HTTP request couldn't be parsed to a token revocation request.