AnsweredAssumed Answered

Revoking OAuth2 Tokens

Question asked by phunter_Latitudegeo on Sep 12, 2018
Latest reply on Mar 26, 2019 by phunter_Latitudegeo

As per the docs (ArcGIS REST API , Authorize—ArcGIS REST API: Users, groups, and content | ArcGIS for Developers ) there is no apparent REST Endpoint for revoking issued OAuth2 Tokens. 


In searching I stumbled across the endpoint which can be used to sign-out of AGOL and other platforms which make use of the esri_auth cookie, however it only ever provides HTML responses, suggesting its strictly a browser flow endpoint and not for use with server side calls. 


Is there a means of revoking OAuth tokens with a purpose built REST Endpoint? Ideally, with functionality to provide either the access token directly, or the refresh token, which would invalid all associated tokens, and a response that isn't HTML.