Salesforce-Platform-Identity-and-Access-Management-Architect Practice Test

Salesforce Spring 25 Release
255 Questions

A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.
Which action will accomplish this?

A. Use an HTTP POST to request the refresh token for the current user.

B. Use an HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.

C. Use an HTTP POST to make a call to the revoke token endpoint.

D. Use an HTTP POST to make a call to the revoke token endpoint.

C. Use an HTTP POST to make a call to the revoke token endpoint.

Explanation:

To invalidate an existing Salesforce OAuth token, the external application needs to make an HTTP POST request to the revoke token endpoint, passing the token as a parameter. This will revoke the access token and the refresh token if available. The other options are not relevant for this scenario.

Reference:

Revoke OAuth Tokens, OAuth 2.0 Token Revocation
