Global Token Revocation

The Global Token Revocation API provides a comprehensive solution for managing security across multiple applications and services. This API extends beyond the standard OAuth 2.0 token revocation, enabling the revocation of SSWS tokens and facilitating IdP-initiated sign-out processes.

Initiate the global revocation of all tokens and sessions
OAuth 2.0: okta.userRisk.manage

Initiates the global revocation of all tokens and sessions for a specified user enabling external Identity Providers to trigger a comprehensive sign-out process. This includes executing IdP-initiated sign-out flows across all applications that are using global token revocation and requiring users to re-authenticate to access protected resources.

Request
Request Body schema: application/json
required
object (sub_id)
format
string

The user identifier

Value: "opaque"
id
string

ID of the user

Responses
204

No Content

400

Bad Request

403

Forbidden

429

Too Many Requests

post/oauth2/v1/global-token-revocation
Request samples
application/json
{
  • "format": "opaque",
  • "id": "abc123efg"
}
Response samples
application/json
{
  • "errorCode": "E0000006",
  • "errorSummary": "You do not have permission to perform the requested action",
  • "errorLink": "E0000006",
  • "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  • "errorCauses": [ ]
}