Global Token Revocation

The Global Token Revocation API provides a comprehensive solution for managing security across multiple applications and services. This API extends beyond the standard OAuth 2.0 token revocation, enabling the revocation of SSWS tokens and facilitating IdP-initiated sign-out processes.

Initiate the global revocation of all tokens and sessions
OAuth 2.0: `okta.universalLogout.manage`

Initiates the global revocation of all tokens and sessions for a specified user enabling external Identity Providers to trigger a comprehensive sign-out process. This includes executing IdP-initiated sign-out flows across all applications that are using global token revocation and requiring users to re-authenticate to access protected resources.

Request

Request Body schema: application/json
required

object (sub_id)

format	string The subject identifier format Value: "opaque"
id	string ID of an existing Okta user

Responses

204

No Content

400

Bad Request

403

Forbidden

429

Too Many Requests

post/oauth2/v1/global-token-revocation

Request samples

application/json

{"sub_id": {"format": "opaque",
"id": "00u1dnq5S0CfjlkpABCD"
}
}

Response samples

application/json

{"errorCode": "E0000006",
"errorSummary": "You do not have permission to perform the requested action",
"errorLink": "E0000006",
"errorId": "sampleNUSD_8fdkFd8fs8SDBK",
"errorCauses": [ ]
}

Social
CONTACT & LEGAL
MORE INFORMATION
okta.com
Products, case studies, resources
Help Center
Knowledgebase, roadmaps, and more
Trust
System status, security, compliance

Global Token Revocation

Initiate the global revocation of all tokens and sessionsOAuth 2.0: okta.universalLogout.manage

Request Body schema: application/jsonrequired

Initiate the global revocation of all tokens and sessions
OAuth 2.0: `okta.universalLogout.manage`

Request Body schema: application/json
required