Revocation.CanRefreshTokensBeRevoked

Can refresh tokens be revoked

This test checks if the revocation endpoint supports revoking refresh tokens.

View source code on GitHub

Documents

This test is part of the following document(s):

• OAuth 2.0 Token Revocation (RFC7009), section 2 (must)
• OAuth2 Attacks & Defenses (AttsDefs), section unknown (must)

Back to the test case overview or the threat overview