Attempts to revoke an access or refresh token when the provider exposes a revocation endpoint (RFC 7009).
Authentication mirrors the provider's token_auth_style (same as token
exchange and introspection).
Best-effort semantics:
If the provider does not expose a revocation endpoint, returns
supported = FALSE,revoked = NA, andstatus = "revocation_unsupported".If the selected token value is missing, returns
supported = TRUE,revoked = NA, andstatus = "missing_token".If the endpoint returns a 2xx, returns
supported = TRUE,revoked = TRUE, andstatus = "ok".If the endpoint returns an HTTP error, returns
supported = TRUE,revoked = NA, andstatus = "http_<code>".
Usage
revoke_token(
oauth_client,
oauth_token,
which = c("refresh", "access"),
async = FALSE,
shiny_session = NULL
)Arguments
- oauth_client
OAuthClient object
- oauth_token
OAuthToken object containing tokens to revoke
- which
Which token to revoke: "refresh" (default) or "access"
- async
Logical, default FALSE. If TRUE and an async backend is configured, the operation is dispatched through shinyOAuth's async promise path and this function returns a promise-compatible async result that resolves to the result list. mirai::mirai is preferred when daemons are configured via
mirai::daemons(); otherwise the current future::future plan is used. Non-sequential future plans run off the main R session;future::sequential()stays in-process.- shiny_session
Optional pre-captured Shiny session context (from
capture_shiny_session_context()) to include in audit events. Used when calling from async workers that lack access to the reactive domain.
Value
A list with fields:
supported: logical,TRUEwhen a revocation endpoint is configured.revoked: logical orNA,TRUEwhen the provider accepted the revocation request,NAwhen revocation could not be attempted or the result is unknown.status: machine-readable status such as"ok","missing_token","revocation_unsupported", or"http_<code>".