%% You should probably cite rfc7009 instead of this I-D. @techreport{ietf-oauth-revocation-09, number = {draft-ietf-oauth-revocation-09}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/09/}, author = {Torsten Lodderstedt and Stefanie Dronia and Marius Scurtescu}, title = {{OAuth 2.0 Token Revocation}}, pagetotal = 10, year = 2013, month = may, day = 19, abstract = {This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to cleanup security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant.}, }