Skip to content

Add endpoint to Admin API to revoke access tokens #1728

Closed
Closed
Add endpoint to Admin API to revoke access tokens#1728
Labels
featNew feature or request.help wantedWe are looking for help on this one.package/oauth2
Milestone
v1.11
@aeneasr

Description

@aeneasr
aeneasr
opened on Feb 18, 2020

Is your feature request related to a problem? Please describe.

It's currently not possible to revoke access tokens from client_credentials grants. This has been requested and I think it is a good idea to allow deletion of tokens based on the client_id. This makes sense if you lose trust in a client, for example, or if the secret changes.

Describe the solution you'd like

Similar to this API endpoint it should be possible to revoke tokens without a consent session attached as well. A good endpoint would be:

DELETE <hydra-admin>/oauth2/tokens?client_id=...

Additional context

https://community.ory.sh/t/disable-client-in-hydra-for-a-while-and-re-enable-it/1510/8

Metadata

Metadata

Assignees

No one assigned

    Labels

    featNew feature or request.help wantedWe are looking for help on this one.package/oauth2

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions