ExMCP.Authorization.TokenRevocation (ex_mcp v0.9.2)


Client-side OAuth 2.0 Token Revocation (RFC 7009).

Provides functionality for clients to revoke access or refresh tokens at an authorization server's revocation endpoint.

Usage

alias ExMCP.Authorization.TokenRevocation

# Revoke an access token
{:ok, :revoked} = TokenRevocation.revoke(
  "my_access_token",
  "https://auth.example.com/revoke",
  token_type_hint: "access_token",
  client_id: "my_client",
  client_secret: "my_secret"
)

# Revoke a refresh token
{:ok, :revoked} = TokenRevocation.revoke(
  "my_refresh_token",
  "https://auth.example.com/revoke",
  token_type_hint: "refresh_token"
)

Summary

Functions

Revokes a token at the given revocation endpoint.

Types

revocation_opts()

@type revocation_opts() :: [
  token_type_hint: String.t(),
  client_id: String.t(),
  client_secret: String.t(),
  auth_method: :client_secret_post | :client_secret_basic
]

Functions

revoke(token, revocation_endpoint, opts \\ [])

@spec revoke(String.t(), String.t(), revocation_opts()) ::
  {:ok, :revoked} | {:error, term()}

Revokes a token at the given revocation endpoint.

Per RFC 7009, the server responds with 200 OK regardless of whether the token was valid or already revoked. A non-200 response indicates an error.

Options

  • :token_type_hint - Either "access_token" or "refresh_token". Helps the server optimize its lookup.
  • :client_id - The client identifier for authentication.
  • :client_secret - The client secret for authentication.
  • :auth_method - Client authentication method. Defaults to :client_secret_post, which sends the credentials in the request body. Set to :client_secret_basic to send them with HTTP Basic auth instead.
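
The two :auth_method values put the client credentials in different parts of the revocation request. The sketch below is an added example, not ExMCP's implementation: it builds the request that RFC 7009 and RFC 6749 describe for each method using only the Elixir standard library. The module name, function name and error atoms are hypothetical.

```elixir
# Added sketch, not ExMCP's code: RevocationRequestSketch.build/3 is a hypothetical name.
defmodule RevocationRequestSketch do
  # The two hint values this page lists.
  @hints ~w(access_token refresh_token)

  # Returns {:ok, %{url: _, headers: _, body: _}} or {:error, reason}.
  def build(token, endpoint, opts \\ []) do
    with :ok <- check_https(endpoint),
         {:ok, form} <- base_form(token, opts[:token_type_hint]) do
      {auth_headers, form} = authenticate(form, opts)
      headers = [{"content-type", "application/x-www-form-urlencoded"} | auth_headers]
      {:ok, %{url: endpoint, headers: headers, body: URI.encode_query(form)}}
    end
  end

  # RFC 7009 section 2: clients must verify the endpoint is an HTTPS URL.
  defp check_https(endpoint) do
    case URI.parse(endpoint) do
      %URI{scheme: "https", host: host} when is_binary(host) and host != "" -> :ok
      _ -> {:error, :insecure_revocation_endpoint}
    end
  end

  defp base_form(token, nil), do: {:ok, [{"token", token}]}
  defp base_form(token, hint) when hint in @hints,
    do: {:ok, [{"token", token}, {"token_type_hint", hint}]}
  defp base_form(_token, hint), do: {:error, {:unknown_token_type_hint, hint}}

  defp authenticate(form, opts) do
    {id, secret} = {opts[:client_id], opts[:client_secret]}
    case Keyword.get(opts, :auth_method, :client_secret_post) do
      :client_secret_basic when is_binary(id) and is_binary(secret) ->
        # RFC 6749 section 2.3.1: form-encode both values, then Base64 "id:secret".
        pair = URI.encode_www_form(id) <> ":" <> URI.encode_www_form(secret)
        {[{"authorization", "Basic " <> Base.encode64(pair)}], form}

      _ ->
        # :client_secret_post (or no secret to encode): credentials go in the body.
        creds = for {k, v} <- [{"client_id", id}, {"client_secret", secret}], v, do: {k, v}
        {[], form ++ creds}
    end
  end
end

# Constructed sample values taken from the usage section of this page.
opts = [token_type_hint: "access_token", client_id: "my_client", client_secret: "my_secret"]
{:ok, post} = RevocationRequestSketch.build("my_access_token", "https://auth.example.com/revoke", opts)
{:ok, basic} = RevocationRequestSketch.build("my_access_token", "https://auth.example.com/revoke", [auth_method: :client_secret_basic] ++ opts)
IO.inspect(post, label: "client_secret_post")
IO.inspect(basic, label: "client_secret_basic")
```

With either method the token and the client secret travel in the request, so the HTTPS check runs before anything is built, and the request body and headers should be kept out of application logs.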