What the Heck is OAuth?

Matt Raible

Access tokens can’t be revoked. Refresh tokens can be revoked.

aaronpk

Access tokens can be revoked at the authorization server, but if your APIs are only doing local token validation then they won’t ever know that the token has been revoked. One of our recent blog posts has a demo of this: https://developer.okta.com/…
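The gap described in the reply above, as an added example that is not part of the thread or of any Okta code: a token is revoked at the authorization server, yet an API doing only local validation still accepts it, while an introspection call reports it inactive. The `AuthorizationServer` class, the key and the token ids are constructed for illustration, and a shared HMAC key stands in for the asymmetric signatures a real deployment would normally use.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-signing-key"  # constructed value, for this demo only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def validate_locally(token, now=None):
    """What an API does without calling the server: signature and expiry only."""
    now = time.time() if now is None else now
    try:
        header, claims, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{claims}").encode()):
        return None
    data = json.loads(base64.urlsafe_b64decode(claims + "=" * (-len(claims) % 4)))
    return data if data["exp"] > now else None

class AuthorizationServer:
    """Hypothetical in-memory authorization server holding the revocation state."""
    def __init__(self):
        self.revoked = set()

    def issue(self, sub, jti, ttl=3600, now=None):
        now = time.time() if now is None else now
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = _b64(json.dumps({"sub": sub, "jti": jti, "exp": now + ttl}).encode())
        return f"{header}.{claims}.{_sign(f'{header}.{claims}')}"

    def revoke(self, jti):
        self.revoked.add(jti)

    def introspect(self, token, now=None):
        # Same checks as local validation, plus the revocation list only the server has.
        claims = validate_locally(token, now)
        return {"active": claims is not None and claims["jti"] not in self.revoked}

def demo():
    server = AuthorizationServer()
    token = server.issue("alice", "tok-1", now=1000)
    server.revoke("tok-1")
    accepted_locally = validate_locally(token, now=1500) is not None
    return accepted_locally, server.introspect(token, now=1500)["active"]
```

With local validation alone, the revoked token stays usable until its `exp` passes, so short access-token lifetimes or an introspection check on sensitive routes bound that window.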

Vinoth K

Brilliant article for OAuth2! Very helpful! Thanks!

Manthan Admane

Great article.
The “think of this like hotel key cards” was just amazingly simple to correlate to.
Thanks for the post :slight_smile:

Sridharan Ramachandran

Best Explanation for OAuth. Really appreciate the work.

joony

Google is presenting a screen letting the user allow the application (SomeApp) access the resource (Gmail). Here Google and Gmail are from the same company. What is auth server is Okta? Is that a valid scenario? Can Okta present a screen asking for permission and the resource server Gmail give access based on the token given by Okta?

Krishna Chidirala

Very detailed and informative article about OAuth2 any layman can understand. Thanks.

Алексей Дзюба

Great article. Thanks a lot!

Joe Peace

Thank you, excellent article.

channagiri manasa srivani

Very nicely presented and well articulated. The blog post as well as the video presentation were very useful for understanding the practical usage of OAuth 2.0 and OpenID Connect.

Michael-O

Nice writeup. Reads like a complete ripoff of Kerberos for the Web.

Thanks for this really great article!

It really cleared up a lot of noise around OAuth.

Hi, if an application is deployed on different nodes of an app server, and suppose we have multiple app servers, then how to coordinate with the OAuth2 token… how to balance the OAuth token?

Hey @sanjaysrswt!

Great question! Take a look at this post: Session Clustering for OAuth 2.0 Applications | Okta Developer

If that doesn’t answer your question let us know the specifics of your application and maybe we can point you in the right direction!