Newer Version Available

This content describes an older version of this product. View Latest

OauthToken Class

Contains a method to revoke OAuth access tokens and refresh tokens. This method supports opaque tokens and JSON Web Token (JWT)-based access tokens, including guest and named user JWT-based access tokens.

Namespace

Auth

Usage

When a client completes an authorization flow and is authorized to access Salesforce data, they’re issued an access token, which the client can use to make authenticated requests for protected Salesforce resources. The client can also use refresh tokens to get more access tokens. If you don’t want the client to access Salesforce data anymore, revoke its Salesforce tokens.

This class is distinct from the Auth.AuthToken class, which contains a method to revoke tokens issued by a third-party provider instead of Salesforce tokens.

OauthToken Methods

The following are methods for OauthToken.

revokeToken(type, authToken)

Revokes Salesforce-issued OAuth tokens.

Signature

public static Boolean revokeToken(Auth.OauthTokenType type, String authToken)

Parameters

type
Type: Auth.OauthTokenType
Specifies the type of token to be revoked. To revoke an opaque access token, use the ACCESS_TOKEN value. To revoke a refresh token and any associated access tokens, use the REFRESH_TOKEN value. To revoke a refresh token and associated access tokens, use the DELETE_TOKEN value. To revoke a JSON Web Token (JWT)-based access token, use the ORG_JWT value.
authToken
Type: String
The access token (opaque or JWT-based), refresh token, or delete token issued by Salesforce.

Return Value

Type: Boolean

The method returns true if successful, and false if not. For invalid or expired tokens, the method returns a NoDataFoundException exception.