SignInService / Client / revoke_oauth2_token_with_iam

revoke_oauth2_token_with_iam

SignInService.Client.revoke_oauth2_token_with_iam(**kwargs)

Grants permission to revoke an OAuth 2.0 refresh token and its associated refresh tokens

Revokes a refresh_token issued by AWS Sign-In, invalidating the entire token chain so that the refresh_token can no longer be used to mint new access_tokens.

Idempotency: revoking an already-revoked, expired, or otherwise invalid token still returns 200 OK with an empty body. Only the refresh_token type is accepted.

See also: AWS API Documentation

Request Syntax

response = client.revoke_oauth2_token_with_iam(
    token='string'
)
Parameters:

token (string) –

[REQUIRED]

The refresh_token to revoke. Must be a refresh_token issued by AWS Sign-In (prefix “ASOR”); access_tokens are not accepted for revocation.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

  • (dict) –

    Output structure for RevokeOAuth2TokenWithIAM operation

    RFC 7009 §2.2 revocation response. The endpoint returns 200 OK with an empty body on success; there are no response fields.

Exceptions