Process Revocation Request
This API revokes access tokens and refresh tokens.
authlete revocation process [flags]
authlete revocation process --service-id <id> --parameters VFGsNK-5sXiqterdaR7b5QbRX9VTwVCQB87jbr2_xAI&token_type_hint=access_token
--body string Request body as JSON (alternative to individual flags). Can also be provided via stdin.
--client-certificate string The client certificate used in the TLS connection between the client application and the revocation endpoint.
--client-certificate-path stringArray The certificate path presented by the client during client authentication.
--client-id Authorization The client ID extracted from Authorization header of the revocation request from the client application.
If the revocation endpoint of the authorization server implementation supports Basic Authentication
as a means of client authentication, and the request from the client application contains its client ID in
`Authorization` header, the value should be extracted and set to this parameter.
--client-secret Authorization The client secret extracted from Authorization header of the revocation request from the client application.
If the revocation endpoint of the authorization server implementation supports basic authentication as a means of
client authentication, and the request from the client application contained its client secret in `Authorization` header,
the value should be extracted and set to this parameter.
-h, --help help for process
--oauth-client-attestation OAuth-Client-Attestation The value of the OAuth-Client-Attestation HTTP header, which is defined in the specification
of [OAuth 2.0 Attestation-Based Client Authentication](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/).
--oauth-client-attestation-pop OAuth-Client-Attestation-PoP The value of the OAuth-Client-Attestation-PoP HTTP header, which is defined in the specification
of [OAuth 2.0 Attestation-Based Client Authentication](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/).
-p, --parameters application/x-www-form-urlencoded OAuth 2.0 token revocation request parameters which are the request parameters that the OAuth 2.0 token revocation endpoint
([RFC 7009](https://datatracker.ietf.org/doc/html/rfc7009)) of the authorization server implementation received from the
client application.
The value of parameters is the entire entity body (which is formatted in application/x-www-form-urlencoded) of the request
from the client application.
[required]
-s, --service-id string A service ID. [required]
--agent-mode Enable structured errors and default TOON output for AI coding agents. Automatically enabled when a known agent environment is detected (CLAUDE_CODE, CURSOR_AGENT, etc.). Use --agent-mode=false to disable.
--bearer Authorization: Bearer <token> Authenticate every request with a **Service Access Token** or **Organization Token**.
Set the token value in the Authorization: Bearer <token> header.
**Service Access Token**: Scoped to a single service. Use when automating service-level configuration or runtime flows.
**Organization Token**: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.
Both token types are issued by the Authlete console or provisioning APIs.
--color string Control colored output: auto (color when output is a TTY), always, or never. Respects NO_COLOR and FORCE_COLOR env vars. (default "auto")
-d, --debug Log request and response diagnostics to stderr
--dry-run Preview the request that would be sent without executing it (output to stderr)
-H, --header stringArray Set a custom HTTP request header (format: "Key: Value"). Can be specified multiple times.
--include-headers Include HTTP response headers in the output
-q, --jq string Filter and transform output using a jq expression (e.g., '.name', '.items[] | .id')
--no-interactive Disable all interactive features (auto-prompting, explorer auto-launch, TUI forms)
-o, --output-format string Specify the output format. Options: pretty, json, yaml, table, toon. (default "pretty")
--server string Select a server by index (for indexed servers) or name (for named servers)
--server-url string Override the default server URL
--timeout string HTTP request timeout (e.g., 30s, 5m, 100ms)
--usage Print the CLI Usage schema in KDL format
- authlete revocation - Operations for revocation