Please note that by design JSON Web Tokens CANNOT be revoked. They expire automatically when the current time is past the value in the expiry (exp) claim. We have implemented a workaround to expire JWTs using caching.
A revoke API call to the endpoint below, with the stated input parameters, is required to revoke/cancel the JWT.

| Attribute | Type | Expected value | Example |
|---|---|---|---|
| Nonce | query params | The nonce must match the nonce provided during the token request | nonce=gdfgds1 |
| Authorization | Headers | The JWT used as a bearer token for verification | Authorization: Bearer 'eyJqa3sdjfksjdfks' |

JWT Revoke Endpoints

| Environment | Method | Endpoint | IP Whitelisting needed |
|---|---|---|---|
| UAT | POST | https://api.uat.guardianlife.com/auth/oauth/v2/token/revoke | YES |

Status codes

| Status code | Response | Reason |
|---|---|---|
| 200 OK | None | Token successfully revoked |
| 401 Request missing Authorization Data | `{"error": {"code": 401.01, "message": "Request missing Authorization Data"}}` | Bearer token missing |
| 400 Bad Request | `{"error": {"code": 400.01, "message": "Missing required fields"}}` | Nonce is missing |
| 401 Unauthorized | `{"error": {"code": 401.01, "message": "Token expired or invalid"}}` | Token has either expired or already been revoked |
| 401 Invalid Nonce | `{"error": {"code": 401.01, "message": "Invalid Nonce"}}` | Invalid nonce. Nonce does not match the nonce provided |
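
The following client-side sketch is an added example, not code from the API provider. It builds the revoke request described above and classifies the documented responses. The function names and outcome labels are assumptions made for illustration, and treating an already expired or revoked token as a successful logout is a design choice of this example.

```python
import json
import urllib.parse
import urllib.request

# Endpoint taken from the table above (UAT; the caller's IP must be whitelisted).
REVOKE_URL = "https://api.uat.guardianlife.com/auth/oauth/v2/token/revoke"

# Every documented 401 body carries the same code (401.01), so the message
# string is the only field that tells the failure cases apart.
OUTCOMES = {
    (401, "Request missing Authorization Data"): "missing_bearer",
    (400, "Missing required fields"): "missing_nonce",
    (401, "Token expired or invalid"): "already_inactive",
    (401, "Invalid Nonce"): "nonce_mismatch",
}


def build_revoke_request(jwt, nonce):
    """Build (not send) the POST: nonce in the query string, JWT as bearer."""
    if not jwt or not nonce:
        raise ValueError("both the JWT and its original nonce are required")
    query = urllib.parse.urlencode({"nonce": nonce})
    return urllib.request.Request(
        f"{REVOKE_URL}?{query}",
        method="POST",
        headers={"Authorization": f"Bearer {jwt}"},
    )


def classify_revoke_response(status, body):
    """Map a documented status/body pair to an outcome label (labels are ours)."""
    if status == 200:
        return "revoked"
    try:
        message = json.loads(body)["error"]["message"]
    except (ValueError, KeyError, TypeError):
        return "unexpected"
    return OUTCOMES.get((status, message), "unexpected")


def token_is_dead(outcome):
    """Logout helper: revoked now, or already expired/revoked, both mean the
    token no longer authenticates. Any other outcome needs attention."""
    return outcome in ("revoked", "already_inactive")
```

Pass the built request to `urllib.request.urlopen` from a whitelisted host to send it, and keep the bearer token out of logs when recording the outcome.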