This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to clean up security credentials. This document is an officially published standard.
Full text: https://tools.ietf.org/html/rfc7009
This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are: