post https://{application_vanity_domain}/users//refresh-tokens/revoke
Revokes all refresh tokens associated with a user.
Required Permissions
Below is the list of required permissions needed to interact with this API. For each permission, the allowed permission boundaries are also specified.
| Permission | Boundary | Description |
|---|---|---|
| refresh-token:revoke | Application | The subject can revoke the refresh tokens for any user under the application to which the subject belongs. |
| Tenant | The subject can revoke refresh tokens for any user in the tenant to which the subject belongs. | |
| Tenant Inclusion List | The subject can revoke the refresh tokens for any user associated with tenants specified in the tenant inclusion list. | |
| Tenant Exclusion List | The subject can revoke refresh tokens for any user associated with tenants that belong to the subject's application but are not on the tenant exclusion list. | |
| Self | A user subject can revoke their own refresh tokens. |