Token and Credential Revocation
QNSP supports immediate revocation of tokens and credentials.
Token and Credential Revocation
QNSP supports immediate revocation of tokens and credentials.
Token revocation
By refresh token
POST /auth/token/revoke
{
"refreshToken": "<token>"
}
By token ID
POST /auth/token/revoke
{
"tokenId": "<uuid>"
}
An optional reason can also be provided.
Revocation reasons
user_logout: User-initiatedrotated: Replaced by new tokenadmin_revoke: Administrative actionsecurity_incident: Security responseexpired: Natural expiry
Access token handling
Access tokens are short-lived and not individually revoked. Instead:
- Revoke the refresh token
- Wait for access token expiry
Credential revocation
WebAuthn credentials
DELETE /auth/webauthn/credentials/{credentialId}?userId=<user_uuid>