issued with o ff line_access SHOULD NOT be revoked" Token Revocation Requires a token as input CAEP "Session Revoked" Signal Is only a signal, not a command, does not guarantee any outcome
a group or is terminated • Given a subject (user) identi f ier, revoke all sessions and tokens for that user, at the IdP and across all apps • Optionally distinguish between revoking sessions and revoking o ff line_access tokens
all sessions and tokens issued to every application on only that device, while retaining sessions and tokens on other devices • POST /revoke client_instance=123456
sessions and tokens for all users of a speci f ic application • POST authorization-server.com/revoke client_id=chat_app POST example-app.com/revoke client_id=ios