commit 9d93a4bf195495b661d1a837b4b9a789548538a7
parent f23eac076cb7e2b92ed247188e6827f1caf12abb
Author: Florian Dold <florian@dold.me>
Date: Fri, 15 Sep 2023 00:19:28 +0200
dd49: use delete to revoke token
Diffstat:
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/design-documents/049-auth.rst b/design-documents/049-auth.rst
@@ -88,8 +88,10 @@ Token Revocation
-------------------------------
Clients using session tokens log by forgetting the session token.
+Tokens can be explicitly revoked by making a ``DELETE`` request on
+the token endpoint.
-.. http:post:: /${SERVICE}/logout
+.. http:delete:: /${RESOURCE...}/token
Invalidate the access token that is being used to make the request.
