My Oracle Support Banner

OCI Identity Cloud Service (IDCS) - Revoke Refresh Token for Public Client Applications (Doc ID 2900771.1)

Last updated on JANUARY 09, 2024

Applies to:

Identity Cloud Service (IDCS) - Version N/A to N/A
Information in this document applies to any platform.


The business requirement is to revoke refresh tokens for Public (mobile) clients & confidential applications to address security requirements.

When a mobile application is integrated with Oracle Identity Cloud Service (IDCS) by OpenID Connect (3-legged), and the application is registered in Oracle Identity Cloud Service (IDCS) as a public application with clientid (no client secret), Oracle Identity Cloud Service (IDCS) provides a REST API for revoking Refresh Token that requires one of the following options:

The mobile application has only clientid, no client secret, and no administrator access token.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.