...
Endpoint: POST /oauth2/revoke
Request Body: OAuthTokenRevocationRequest
Response: By RFC 7009 § 2.2, on successful revocation, HTTP 200. No body.
Upon calling this method, the refresh/access token and associated tokens held by this client and associated with the user are revoked. Note: a specific path for this endpoint is not named by OAuth 2.0/OIDC specifications.
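The revocation behaviour described above, as an added example that is not code from this specification: revoking one token cascades to every token the calling client holds for the same user, while tokens of other clients and users stay valid. The `Token` and `TokenStore` names, the in-memory storage, the sample values and the 400 status for a token issued to another client are assumptions; the fields of OAuthTokenRevocationRequest are not shown on this page, so the token value is passed in directly.

```python
from dataclasses import dataclass

@dataclass
class Token:
    value: str
    kind: str          # "access" or "refresh"
    client_id: str
    user_id: str
    revoked: bool = False

class TokenStore:
    """Hypothetical in-memory store; a real server would use its database."""

    def __init__(self, tokens):
        self._by_value = {t.value: t for t in tokens}

    def is_active(self, value):
        t = self._by_value.get(value)
        return t is not None and not t.revoked

    def revoke(self, caller_client_id, value):
        """Return the HTTP status for POST /oauth2/revoke (response has no body)."""
        t = self._by_value.get(value)
        if t is None or t.revoked:
            # RFC 7009 section 2.2: an invalid token still yields 200, since
            # the client's goal (token unusable) is already met.
            return 200
        if t.client_id != caller_client_id:
            # RFC 7009 section 2.1: refuse tokens issued to another client.
            # The 400 status is an assumption of this example.
            return 400
        # Cascade: revoke every token this client holds for the same user.
        for other in self._by_value.values():
            if (other.client_id, other.user_id) == (t.client_id, t.user_id):
                other.revoked = True
        return 200

def build_sample_store():
    # Constructed sample data, not real tokens.
    return TokenStore([
        Token("rt-alice-a", "refresh", "app-a", "alice"),
        Token("at-alice-a", "access", "app-a", "alice"),
        Token("at-bob-a", "access", "app-a", "bob"),
        Token("at-alice-b", "access", "app-b", "alice"),
    ])

if __name__ == "__main__":
    store = build_sample_store()
    print(store.revoke("app-a", "rt-alice-a"), store.is_active("at-alice-a"))
```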
Client retrieval of token metadata
Endpoint: GET /oauth2/token/:token_id/metadata
Request Parameter: token_id
- the ID of the token to gather metadata about
Response: OAuthTokenInformation
The client can call this endpoint to get the token's metadata name. This metadata can be displayed to the user so that they can more easily identify the token in use when auditing or revoking tokens.
Requesting a new access token with a refresh token
...