wso2 · HeshanSudarshana · Apr 16, 2024 · Apr 15, 2024 · Apr 15, 2024 · Apr 15, 2024
@@ -189,7 +189,7 @@ Follow the steps given below to configure WSO2 IS as a Key Manager component:
       <tr class="odd">
       <td>Revoke Endpoint</td>
       <td>The endpoint that revokes the access tokens.</br>
-        e.g., <code>https://localhost:9444/oauth2/revoke</code></code></td>
+        e.g., <code>https://localhost:9444/oauth2/revoke</code></td>
       <td>Optional</td>
       </tr>
       <tr class="even">

@@ -26,7 +26,7 @@ The diagram below illustrates the refresh token grant flow.
 
 To use this grant type, you need a refresh token, using which you can get a new access token and a refresh token. This can be done by issuing a REST call to the Token API through a REST client like cURL, with the following parameters:
 
--   The Token API URL is [https://localhost:9443/oauth2/token](https://localhost:9443/oauth2/login) , assuming that both the client and the Gateway are running on the same server.
+-   The Token API URL is [https://localhost:9443/oauth2/token](https://localhost:9443/oauth2/token) , assuming that both the client and the Gateway are running on the same server.
 -   payload 
 ```
     "grant_type=refresh_token&refresh_token=<refresh-token>"
@@ -43,23 +43,23 @@ For example, the following cURL command can be used to access the Token API.
 
 === "Format"
     ``` java
-    curl -k -d "grant_type=refresh_token&refresh_token=<refresh-token>" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
+    curl -k -d "grant_type=refresh_token&refresh_token=<refresh-token>" -H "Authorization: Basic <base64Encode(clientId:clientSecret)>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
     ```
 
 === "Example"
     ``` java
-    curl -k -d "grant_type=refresh_token&refresh_token=3154090c-37f1-3268-90f9-8bd84daf135c" -H "Authorization: Basic UXk3RUZfVEtMbEVLWTlVRFpiWHVscVA4ZVVBYTpKSWN3VTlIX1hGUFdTcW1RQmllZ3lJUzRKazhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
+    curl -k -d "grant_type=refresh_token&refresh_token=bd63be3d-d37e-3689-9488-b9dbbe8d3f9e" -H "Authorization: Basic dTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYTpCWkVmaUZBd043NkJDUUxKTjFTcW5YaGxVcm9h" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
     ```
 
 You receive a response similar to the following:
 
-``` java
+``` json
 {
-    "scope":"default",
-    "token_type":"Bearer",
-    "expires_in":3600,
-    "refresh_token":"7ed6bae2b1d36c041787e8c8e2d6cbf8",
-    "access_token":"b7882d23f1f8257f4bc6cf4a20633ab1"
+   "access_token":"eyJ4NXQiOiJPREJtTVRVMFpqSmpPREprTkdZMVpUaG1ZamsyWVRZek56UmpZekl6TVRCbFlqRTBNV0prWTJJeE5qZzNPRGRqWVdRNVpXWmhOV0kwTkRBM1pqTTROUSIsImtpZCI6Ik9EQm1NVFUwWmpKak9ESmtOR1kxWlRobVlqazJZVFl6TnpSall6SXpNVEJsWWpFME1XSmtZMkl4TmpnM09EZGpZV1E1WldaaE5XSTBOREEzWmpNNE5RX1JTMjU2IiwidHlwIjoiYXQrand0IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI5Zjg1MGViNi04NGQ0LTQwZDItYmRhNi04ZWJmYWI2YTUxMWIiLCJhdXQiOiJBUFBMSUNBVElPTl9VU0VSIiwiYXVkIjoidTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYSIsIm5iZiI6MTcxMzE2Mjc4NCwiYXpwIjoidTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYSIsInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk1MDAvb2F1dGgyL3Rva2VuIiwiZXhwIjoxNzEzMTY2Mzg0LCJpYXQiOjE3MTMxNjI3ODQsImp0aSI6IjgzNTc2NDEwLTA4NGItNDg4Mi1hZGZlLTYyYjM4M2VjZWI0NCIsImNsaWVudF9pZCI6InUyUTBqQ29kYVpJZ0ZWaGZMVGN1UjRyQl9OWWEifQ.vg_YgUfGWqy6z_LFfJAv0MZtRax09b9MHtA-RA4OKkUISnqcgJiqcP7X4K2NE0sLiL7v3mihBS-gLRb6lH7L2b4nCWwAVD0XR3PVviEBfzeGgse2QTbx_kc7gP10UfqrqBg0-Cj4SHW4XXGXcHytg6n-txJmZwtPNnA3RZSPcIIJbna3iPtfndqLbAJntP45vL-ug_tUKfuW6pKlKcU5yTkEfeajNCr1miRcg4jEfG_fG_iVTYXo9hdR5yeW8l5iU4bDrd9M9UKXpyCsfszlGEBK71qCm2mq2HZOOxn1Cpx2JE6ekfVF85Y_amB-56wsh8HXj22FaZCgU-bCgpmWzw",
+   "refresh_token":"af018b89-8cda-3a01-8c48-c10eff0d1cef",
+   "scope":"default",
+   "token_type":"Bearer",
+   "expires_in":3600
 }
 ```
 
@@ -89,31 +89,33 @@ The parameters required to invoke the following API are as follows:
 
 === "Example"
     ``` java
-    curl -k -v -d "token=c8e8eec2-0092-3ac6-b23f-ef7492f345a6" -H "Authorization: Basic OVRRNVJLZWFhVGZGeUpRSkRzam9aZmp4UkhjYTpDZnJ3ZXRual9ZOTdSSzFTZWlWQWx1aXdVVmth" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke
+    curl -k -v -d "token=af018b89-8cda-3a01-8c48-c10eff0d1cef" -H "Authorization: Basic dTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYTpCWkVmaUZBd043NkJDUUxKTjFTcW5YaGxVcm9h" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke
     ```
 
 **Response**
 
 ```
-    > Host: localhost:8243
-    > User-Agent: curl/7.50.2
-    > Accept: */*
-    > Authorization: Basic YjNtTzdkQ2h3UHBfdTVHOFN6cVBzSDVTRnZRYTo4OG16bGFaejc2T2RlekJSNDBwcmZBa2ZNUjBh
-    > Content-Type: application/x-www-form-urlencoded
-    > Content-Length: 42
-    > 
-    < HTTP/1.1 200 OK
-    < X-Frame-Options: DENY
-    < RevokedRefreshToken: c8e8eec2-0092-3ac6-b23f-ef7492f345a6
-    < Cache-Control: no-store
-    < X-Content-Type-Options: nosniff
-    < AuthorizedUser: admin@carbon.super
-    < Pragma: no-cache
-    < RevokedAccessToken: c7febbd3-5f35-3727-ae5f-5a8492b04f93
-    < X-XSS-Protection: 1; mode=block
-    < Content-Type: text/html
-    < Date: Thu, 02 Nov 2017 12:57:58 GMT
-    < Transfer-Encoding: chunked
+> POST /oauth2/revoke HTTP/1.1
+> Host: localhost:9443
+> User-Agent: curl/8.4.0
+> Accept: */*
+> Authorization: Basic dTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYTpCWkVmaUZBd043NkJDUUxKTjFTcW5YaGxVcm9h
+> Content-Length: 42
+> Content-Type: application/x-www-form-urlencoded
+>
+< HTTP/1.1 200
+< X-WSO2-TraceId: e74786fd-f680-4ae3-b8fe-e1df5aa904a4
+< X-Frame-Options: DENY
+< X-Content-Type-Options: nosniff
+< Cache-Control: no-store
+< Pragma: no-cache
+< RevokedAccessToken: 83576410-084b-4882-adfe-62b383eceb44
+< RevokedRefreshToken: af018b89-8cda-3a01-8c48-c10eff0d1cef
+< AuthorizedUser: admin@carbon.super
+< Date: Mon, 15 Apr 2024 07:26:42 GMT
+< Content-Type: application/json
+< Content-Length: 0
+< Server: WSO2 Carbon Server
 ```
 
 #### Option 2
@@ -124,7 +126,7 @@ The parameters required to invoke the following API are as follows:
 
 - `base64Encode(clientId:clientSecret)` - Use a base64 encoder to encode your client ID and client secret in the format: `<clientId>:<clientSecret>`. WSO2 does not recommend the use of online base64 encoders for this purpose.
 
-- `token_type_hint -` This parameter is **optional**. If you do not specify this parameter, then WSO2 API Manager will search in both key spaces (access token and refresh token) and if it finds a matching token then it will be revoked. Therefore, if this parameter it not specified the token revocation process takes longer. However, if you specify this parameter then it will only searches in the respective token key space, hence the token revocation process is much faster.
+- `token_type_hint -` This parameter is **optional**. If you do not specify this parameter, then WSO2 API Manager will search in both key spaces (access token and refresh token) and if it finds a matching token then it will be revoked. Therefore, if this parameter it is not specified the token revocation process takes longer. However, if you specify this parameter then it will only search in the respective token key space, hence the token revocation process is much faster.
 
 === "Format"
     ``` java
@@ -133,32 +135,33 @@ The parameters required to invoke the following API are as follows:
 
 === "Example"
     ``` java
-    curl -k -v -d "token=4ed29669-a457-3f83-af1e-180cad271cca&token_type_hint=refresh_token" -H "Authorization: Basic OVRRNVJLZWFhVGZGeUpRSkRzam9aZmp4UkhjYTpDZnJ3ZXRual9ZOTdSSzFTZWlWQWx1aXdVVmth" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke
+    curl -k -v -d "token=b6b5db36-9c1e-31dc-a3c2-283377736dd0&token_type_hint=refresh_token" -H "Authorization: Basic dTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYTpCWkVmaUZBd043NkJDUUxKTjFTcW5YaGxVcm9h" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke
     ```
 
 **Response**
 
 ```
-    > POST /revoke HTTP/1.1
-    > Host: localhost:8243
-    > User-Agent: curl/7.50.2
-    > Accept: */*
-    > Authorization: Basic YjNtTzdkQ2h3UHBfdTVHOFN6cVBzSDVTRnZRYTo4OG16bGFaejc2T2RlekJSNDBwcmZBa2ZNUjBh
-    > Content-Type: application/x-www-form-urlencoded
-    > Content-Length: 72
-    > 
-    < HTTP/1.1 200 OK
-    < X-Frame-Options: DENY
-    < RevokedRefreshToken: 4ed29669-a457-3f83-af1e-180cad271cca
-    < Cache-Control: no-store
-    < X-Content-Type-Options: nosniff
-    < AuthorizedUser: admin@carbon.super
-    < Pragma: no-cache
-    < RevokedAccessToken: 23562997-bbc7-353f-a650-16558b7147bc
-    < X-XSS-Protection: 1; mode=block
-    < Content-Type: text/html
-    < Date: Thu, 02 Nov 2017 12:59:41 GMT
-    < Transfer-Encoding: chunked
+> POST /oauth2/revoke HTTP/1.1
+> Host: localhost:9443
+> User-Agent: curl/8.4.0
+> Accept: */*
+> Authorization: Basic dTJRMGpDb2RhWklnRlZoZkxUY3VSNHJCX05ZYTpCWkVmaUZBd043NkJDUUxKTjFTcW5YaGxVcm9h
+> Content-Length: 72
+> Content-Type: application/x-www-form-urlencoded
+>
+< HTTP/1.1 200
+< X-WSO2-TraceId: b29c94ad-6d1c-435a-9423-f8a7ae2d8ddd
+< X-Frame-Options: DENY
+< X-Content-Type-Options: nosniff
+< Cache-Control: no-store
+< Pragma: no-cache
+< RevokedAccessToken: c120a072-b5a6-4dc7-9889-dda037011917
+< RevokedRefreshToken: b6b5db36-9c1e-31dc-a3c2-283377736dd0
+< AuthorizedUser: admin@carbon.super
+< Date: Mon, 15 Apr 2024 07:33:41 GMT
+< Content-Type: application/json
+< Content-Length: 0
+< Server: WSO2 Carbon Server
 ```
 
 !!! tip

@@ -2,7 +2,7 @@
 
 ## Revoking access tokens
 
-After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling the Revoke API using a utility like cURL. The Revoke API's endpoint URL is `http://localhost:8280/revoke`.
+After issuing an access token, a user or an admin can revoke it in case of theft or a security violation. You can do this by calling the Revoke API using a utility like cURL. The Revoke API's endpoint URL is `https://localhost:9443/oauth2/revoke`.
 
 !!! note
     You can also revoke refresh tokens. For more information, see [Revoking a refresh token]({{base_path}}/design/api-security/oauth2/grant-types/refresh-token-grant/#revoking-a-refresh-token).
@@ -67,5 +67,5 @@ The parameters required to invoke the following API are as follows:
     If you obtained an access token with the JWT grant type, you do not have to provide the client secret to revoke it. The sample cURL command to revoke an access token with JWT grant is given below.
 
     ``` java
-    curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "token=<ACCESS_TOKEN_TO_BE_REVOKED>&token_type_hint=access_token&client_id=<CLIENT_ID>" http://localhost:8243/revoke
+    curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "token=<ACCESS_TOKEN_TO_BE_REVOKED>&token_type_hint=access_token&client_id=<CLIENT_ID>" https://localhost:9443/oauth2/revoke
     ```
@@ -2812,7 +2812,7 @@ key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKey
 <pre><code class="toml">[apim.oauth_config]
 enable_outbound_auth_header = false
 auth_header = "Authorization"
-revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
+revoke_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/revoke"
 enable_token_encryption = false
 enable_token_hashing = false</code></pre>
                     </div>
@@ -2878,7 +2878,7 @@ enable_token_hashing = false</code></pre>
 
                                         </p>
                                         <div class="param-default">
-                                            <span class="param-default-value">Default: <code>https://localhost:8243/revoke</code></span>
+                                            <span class="param-default-value">Default: <code>https://localhost:9443/oauth2/revoke</code></span>
                                         </div>
                                         <div class="param-possible">
                                             <span class="param-possible-values">Possible Values: <code>Valid URL for revocation endpoint.</code></span>
@@ -5130,7 +5130,7 @@ log_tracer.enable = true
                 <div class="superfences-content">
                     <div class="mb-config-example">
 <pre><code class="toml">[apim.token.revocation]
-notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
+notifier_impl = "org.wso2.carbon.apimgt.notification.TokenRevocationNotifier"
 enable_realtime_notifier = true
 realtime_notifier.ttl = 5000
 enable_persistent_notifier = true

@@ -1,6 +1,6 @@
 [apim.oauth_config]
 enable_outbound_auth_header = false
 auth_header = "Authorization"
-revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
+revoke_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/revoke"
 enable_token_encryption = false
 enable_token_hashing = false
@@ -1,5 +1,5 @@
 [apim.token.revocation]
-notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
+notifier_impl = "org.wso2.carbon.apimgt.notification.TokenRevocationNotifier"
 enable_realtime_notifier = true
 realtime_notifier.ttl = 5000
 enable_persistent_notifier = true

@@ -1068,7 +1068,7 @@
                             "name": "revoke_endpoint",
                             "type": "string",
                             "required": false,
-                            "default": "https://localhost:8243/revoke",
+                            "default": "https://localhost:9443/oauth2/revoke",
                             "possible": "Valid URL for revocation endpoint.",
                             "description": "Token revocation endpoint used in the API Developer Portal"
                         },