AblyDocs

Auth revoke-token

Open in

Use the ably auth revoke-token command to revoke Ably tokens by client ID or revocation key. The Ably revocation API does not support revoking a single token by its string value, so you must target tokens using one of these specifiers. See token revocation for details.

Synopsis

ably auth revoke-token [options]

Options

You must provide either --client-id or --revocation-key. The two flags are mutually exclusive.

--app

The app ID or name the tokens belong to. Uses the currently selected app if not specified.

--client-id

Revoke all tokens issued to this client ID. Mutually exclusive with --revocation-key.

--revocation-key

Revoke all tokens matching this revocation key. Only applies to JWT tokens that include the x-ably-revocation-key claim. Mutually exclusive with --client-id.

--allow-reauth-margin

Delay enforcement of the revocation by 30 seconds, giving connected clients a grace period to obtain new tokens before being disconnected. Defaults to false.

--force | -f

Skip the confirmation prompt and revoke tokens immediately. Required when using --json or --pretty-json.

--json

Output results as compact JSON. Mutually exclusive with --pretty-json.

--pretty-json

Output results in formatted JSON. Mutually exclusive with --json.

--verbose | -v

Enable verbose logging. Can be combined with --json or --pretty-json.

Examples

Revoke all tokens for a specific client ID:

ably auth revoke-token --client-id "userClientId"

Revoke tokens without the confirmation prompt:

ably auth revoke-token --client-id "userClientId" --force

Revoke all JWT tokens that share a revocation key:

ably auth revoke-token --revocation-key group1

Revoke tokens with a 30-second grace period for connected clients to reauthenticate:

ably auth revoke-token --client-id "userClientId" --allow-reauth-margin

Revoke tokens and output the result in JSON format (requires --force):

ably auth revoke-token --client-id "userClientId" --json --force

See also