Scenario

I know that active offline tokens can be revoked by either the user - trough the Account API, or the Admin - through the Admin REST API. What I would like to do, is to enable the client to revoke it's own active offline tokens. Assuming I have checked "Revoke Refresh Token", a particular offline token could be revoked when getting a new one. The problem is that I'm still getting an active new one. Also, a timeout-based approach won't really work in this scenario.

Question

Is there an existing way to achieve this, or will I have to create a custom endpoint?

Nevermind.
Keycloak has a regular OAuth 2.0 Token Revocation Endpoint.
https://www.keycloak.org/docs/latest/securing_apps/#_token_revocation_endpoint

A good nights sleep does wonders sometimes…