JanssenProject · yuriyz · May 24, 2024 · May 22, 2024 · May 24, 2024 · May 24, 2024
diff --git a/docs/admin/auth-server/endpoints/global-token-revocation.md b/docs/admin/auth-server/endpoints/global-token-revocation.md
@@ -0,0 +1,54 @@
+---
+tags:
+- administration
+- auth-server
+- session-revocation
+- endpoint
+---
+
+# Overview
+
+Janssen Server provides global token revocation endpoint to enable the client to revoke all tokens and sessions of a user.
+Janssen Server provides this endpoint to allow greater 
+control and better management of sessions on OP.
+
+URL to access revocation endpoint on Janssen Server is listed in the response of Janssen Server's well-known
+[configuration endpoint](./configuration.md) given below.
+
+```text
+https://janssen.server.host/jans-auth/.well-known/openid-configuration
+```
+
+`global_token_revocation_endpoint` claim in the response specifies the URL for global token revocation endpoint. By default, global token revocation endpoint
+looks like below:
+
+```
+https://janssen.server.host/jans-auth/restv1/global-token-revocation
+```
+
+More information about request and response of the global token revocation endpoint can be found in
+the OpenAPI specification of [jans-auth-server module](https://gluu.org/swagger-ui/?url=https://raw.githubusercontent.com/JanssenProject/jans/vreplace-janssen-version/jans-auth-server/docs/swagger.yaml).
+
+## Usage
+
+A request to this endpoint can revoke all tokens and sessions of one particular user. Use the request parameters to specify 
+criteria to select the user. If there are multiple users matching the given criteria, the first found user will be affected.
+
+- View full sample execution log [here](../../../assets/log/global-token-revocation-run-log.txt)
+
+## Disabling The Endpoint Using Feature Flag
+
+`Global Token Revocation` endpoint can be enabled or disable using [GLOBAL_TOKEN_REVOCATION feature flag](../../reference/json/feature-flags/janssenauthserver-feature-flags.md#globaltokenrevocation).
+Use [Janssen Text-based UI(TUI)](../../config-guide/config-tools/jans-tui/README.md) or [Janssen command-line interface](../../config-guide/config-tools/jans-cli/README.md) to perform this task.
+
+When using TUI, navigate via `Auth Server`->`Properties`->`enabledFeatureFlags` to screen below. From here, enable or
+disable `GLOBAL_TOKEN_REVOCATION` flag as required.
+
+![](../../../assets/image-tui-enable-components.png)
+
+## Required Scopes
+
+A client must have the following scope in order to use this endpoint:
+
+- `global_token_revocation`
+
diff --git a/docs/admin/auth-server/oauth-features/README.md b/docs/admin/auth-server/oauth-features/README.md
@@ -30,6 +30,7 @@ The [Janssen Authentication Server](https://github.com/JanssenProject/jans/tree/
 - The Use of Attestation in OAuth 2.0 Dynamic Client Registration [(spec draft)](https://www.ietf.org/id/draft-tschofenig-oauth-attested-dclient-reg-00.html)
 - OpenID Connect Core Error Code unmet_authentication_requirements [(spec)](https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0.html)
 - Transaction Tokens [(spec)](https://drafts.oauth.net/oauth-transaction-tokens/draft-ietf-oauth-transaction-tokens.html)
+- Global Token Revocation [(spec)](https://www.ietf.org/archive/id/draft-parecki-oauth-global-token-revocation-03.html)
 
 
 ## Protocol Overview

diff --git a/docs/admin/auth-server/session-management/README.md b/docs/admin/auth-server/session-management/README.md
@@ -61,7 +61,7 @@ Jans Auth Server updates `lastUsedAt` property of the session object:
 The [End Session endpoint](../endpoints/end-session.md) (`/end_session`)
 is where the user can end their own session. See [OpenID Logout](../openid-features/logout/README.md) for more information.
 
-To end another person's session, Jans Auth Server has a [Session Revocation Endpoint](../endpoints/session-revocation.md) (`/revoke_session`).
+To end another person's session, Jans Auth Server supports both [Session Revocation Endpoint](../endpoints/session-revocation.md) (`/revoke_session`) and [Global Session Revocation Endpoint](../endpoints/global-token-revocation.md) (`/global-token-revocation`').
 
 ## Session Event Interception Scripts
 

diff --git a/docs/admin/auth-server/tokens/oauth-tx-tokens.md b/docs/admin/auth-server/tokens/oauth-tx-tokens.md
@@ -94,7 +94,7 @@ POST /jans-auth/restv1/token HTTP/1.1
 Host: yuriyz-adjusted-coyote.gluu.info
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=tx_token&audience=http%3A%2F%2Ftrusted.com&subject_token=5fb696ac-638a-4dbf-81cd-27daeb61caf9&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&rctx=%7B%22req_ip%22%3A%2269.151.72.123%22%7D
+grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&audience=http%3A%2F%2Ftrusted.com&subject_token=5fb696ac-638a-4dbf-81cd-27daeb61caf9&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&rctx=%7B%22req_ip%22%3A%2269.151.72.123%22%7D
 ```
 
 **Sample response**

diff --git a/docs/admin/install/install-faq.md b/docs/admin/install/install-faq.md
@@ -82,8 +82,9 @@ specification. Sample below:
   "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
   "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
   "session_revocation_endpoint" : "https://janssen-host-name/jans-auth/restv1/revoke_session",
+  "global_token_revocation_endpoint" : "https://janssen-host-name/jans-auth/restv1/global-token-revocation",
   "check_session_iframe" : "https://janssen-host-name/jans-auth/opiframe.htm",
-  "scopes_supported" : [ "https://jans.io/scim/all-resources.search", "address", "user_name", "clientinfo", "openid", "https://jans.io/scim/fido2.write", "profile", "uma_protection", "permission", "https://jans.io/scim/fido.read", "https://jans.io/scim/users.write", "https://jans.io/scim/groups.read", "revoke_session", "https://jans.io/scim/fido.write", "https://jans.io/scim/bulk", "https://jans.io/scim/users.read", "phone", "mobile_phone", "offline_access", "https://jans.io/scim/groups.write", "email", "https://jans.io/scim/fido2.read", "jans_client_api" ],
+  "scopes_supported" : [ "https://jans.io/scim/all-resources.search", "address", "user_name", "clientinfo", "openid", "https://jans.io/scim/fido2.write", "profile", "uma_protection", "permission", "https://jans.io/scim/fido.read", "https://jans.io/scim/users.write", "https://jans.io/scim/groups.read", "revoke_session", "global_token_revocation", "https://jans.io/scim/fido.write", "https://jans.io/scim/bulk", "https://jans.io/scim/users.read", "phone", "mobile_phone", "offline_access", "https://jans.io/scim/groups.write", "email", "https://jans.io/scim/fido2.read", "jans_client_api" ],
   "backchannel_logout_supported" : true,
   "acr_values_supported" : [ "simple_password_auth" ],
   "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],

diff --git a/docs/assets/log/global-token-revocation-run-log.txt b/docs/assets/log/global-token-revocation-run-log.txt
diff --git a/docs/assets/log/tx-token-replace-run-log.txt b/docs/assets/log/tx-token-replace-run-log.txt
@@ -246,7 +246,7 @@ POST /jans-auth/restv1/token HTTP/1.1
 Host: yuriyz-adjusted-coyote.gluu.info
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=tx_token&audience=http%3A%2F%2Ftrusted.com&subject_token=15c8e08a-fc90-4e34-b378-4c9e8f603e2a&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&request_context=eyAiaXBfYWRkcmVzcyI6ICIxMjcuMC4wLjEiLCAiY2xpZW50IjogIm1vYmlsZS1hcHAiLCAiY2xpZW50X3ZlcnNpb24iOiAidjExIiB9
+grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&audience=http%3A%2F%2Ftrusted.com&subject_token=15c8e08a-fc90-4e34-b378-4c9e8f603e2a&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&request_context=eyAiaXBfYWRkcmVzcyI6ICIxMjcuMC4wLjEiLCAiY2xpZW50IjogIm1vYmlsZS1hcHAiLCAiY2xpZW50X3ZlcnNpb24iOiAidjExIiB9
 
 -------------------------------------------------------
 RESPONSE:
@@ -282,7 +282,7 @@ POST /jans-auth/restv1/token HTTP/1.1
 Host: yuriyz-adjusted-coyote.gluu.info
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=tx_token&audience=http%3A%2F%2Ftrusted2.com&subject_token=eyJraWQiOiJjb25uZWN0XzBlZGMxOTIyLTk1MjAtNDFkNi1iZGMyLTk3ZjdmYWMwMzRkMl9zaWdfcnMyNTYiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiN2ZmNTM1ZGQtODk0ZS00OTg2LThjZjQtNzFiYzRiNjUxZWE0IiwiaHR0cDovL3RydXN0ZWQuY29tIl0sInJlcV9jdHgiOnsicmVxX2lwIjoiNjkuMTUxLjcyLjEyMyJ9LCJzdWJfaWQiOiIiLCJpc3MiOiJodHRwczovL3l1cml5ei1hZGp1c3RlZC1jb3lvdGUuZ2x1dS5pbmZvIiwiYXpkIjp7ImNsaWVudF9pZCI6IjdmZjUzNWRkLTg5NGUtNDk4Ni04Y2Y0LTcxYmM0YjY1MWVhNCJ9LCJ0eG4iOiI2OWFhZjk4Ni00OTkxLTRhZDYtYmZlZi1mMjJjZjY1NGE3NTkiLCJleHAiOjE3MDUwNTQ5MzMsImlhdCI6MTcwNTA1NDc1M30.Q3KndMBp4Md2OhWi-hvEWsbtj8lOtuyjCZxyZeSI9YbIHuZNdb4a_7S3TlLF8cVNvtgWTyCxn0lSZprupMy-om-6EcWbkYW0xCnqe2OwX_8aTn3HaPFvHC-orpMvOXsV5goFHD9KiWOQcQoijPeQC4TlhiwIsyVw9z81HfpAzjwJ0CZW7dgzM8tWT9K08aSMDbO8k2m6RvkqaRh8t60skEtyaaTQqlyc1zlW8VTXDSjCay2sEDcU_DkSzBduEqHr67b8zxKgi83KAiqGhlAey913iXI2V4UIIS6MegvcF9Z7APjVZXw5EyNz6Xc_eg31gyxYR4hbYBOqDxiGtikqAQ&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&request_context=eyAiaXBfYWRkcmVzcyI6ICIxMjcuMC4wLjEiLCAiY2xpZW50IjogIm1vYmlsZS1hcHAiLCAiY2xpZW50X3ZlcnNpb24iOiAidjExIiB9
+grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&audience=http%3A%2F%2Ftrusted2.com&subject_token=eyJraWQiOiJjb25uZWN0XzBlZGMxOTIyLTk1MjAtNDFkNi1iZGMyLTk3ZjdmYWMwMzRkMl9zaWdfcnMyNTYiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiN2ZmNTM1ZGQtODk0ZS00OTg2LThjZjQtNzFiYzRiNjUxZWE0IiwiaHR0cDovL3RydXN0ZWQuY29tIl0sInJlcV9jdHgiOnsicmVxX2lwIjoiNjkuMTUxLjcyLjEyMyJ9LCJzdWJfaWQiOiIiLCJpc3MiOiJodHRwczovL3l1cml5ei1hZGp1c3RlZC1jb3lvdGUuZ2x1dS5pbmZvIiwiYXpkIjp7ImNsaWVudF9pZCI6IjdmZjUzNWRkLTg5NGUtNDk4Ni04Y2Y0LTcxYmM0YjY1MWVhNCJ9LCJ0eG4iOiI2OWFhZjk4Ni00OTkxLTRhZDYtYmZlZi1mMjJjZjY1NGE3NTkiLCJleHAiOjE3MDUwNTQ5MzMsImlhdCI6MTcwNTA1NDc1M30.Q3KndMBp4Md2OhWi-hvEWsbtj8lOtuyjCZxyZeSI9YbIHuZNdb4a_7S3TlLF8cVNvtgWTyCxn0lSZprupMy-om-6EcWbkYW0xCnqe2OwX_8aTn3HaPFvHC-orpMvOXsV5goFHD9KiWOQcQoijPeQC4TlhiwIsyVw9z81HfpAzjwJ0CZW7dgzM8tWT9K08aSMDbO8k2m6RvkqaRh8t60skEtyaaTQqlyc1zlW8VTXDSjCay2sEDcU_DkSzBduEqHr67b8zxKgi83KAiqGhlAey913iXI2V4UIIS6MegvcF9Z7APjVZXw5EyNz6Xc_eg31gyxYR4hbYBOqDxiGtikqAQ&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&request_context=eyAiaXBfYWRkcmVzcyI6ICIxMjcuMC4wLjEiLCAiY2xpZW50IjogIm1vYmlsZS1hcHAiLCAiY2xpZW50X3ZlcnNpb24iOiAidjExIiB9
 
 -------------------------------------------------------
 RESPONSE:

diff --git a/docs/assets/log/tx-token-request-run-log.txt b/docs/assets/log/tx-token-request-run-log.txt
@@ -246,7 +246,7 @@ POST /jans-auth/restv1/token HTTP/1.1
 Host: yuriyz-adjusted-coyote.gluu.info
 Content-Type: application/x-www-form-urlencoded
 
-grant_type=tx_token&audience=http%3A%2F%2Ftrusted.com&subject_token=5fb696ac-638a-4dbf-81cd-27daeb61caf9&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&request_context=eyAiaXBfYWRkcmVzcyI6ICIxMjcuMC4wLjEiLCAiY2xpZW50IjogIm1vYmlsZS1hcHAiLCAiY2xpZW50X3ZlcnNpb24iOiAidjExIiB9
+grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&audience=http%3A%2F%2Ftrusted.com&subject_token=5fb696ac-638a-4dbf-81cd-27daeb61caf9&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Atxn_token&request_context=eyAiaXBfYWRkcmVzcyI6ICIxMjcuMC4wLjEiLCAiY2xpZW50IjogIm1vYmlsZS1hcHAiLCAiY2xpZW50X3ZlcnNpb24iOiAidjExIiB9
 
 -------------------------------------------------------
 RESPONSE:

@@ -0,0 +1,69 @@
+package io.jans.as.client;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.jans.as.model.common.SubId;
+import io.jans.as.model.revoke.GlobalTokenRevocationRequest;
+import jakarta.ws.rs.HttpMethod;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.client.Invocation;
+import org.apache.log4j.Logger;
+
+/**
+ * @author Yuriy Z
+ */
+public class GlobalTokenRevocationClient extends BaseClient<GlobalTokenRevocationClientRequest, GlobalTokenRevocationResponse> {
+
+    private static final Logger LOG = Logger.getLogger(GlobalTokenRevocationClient.class);
+    private static final ObjectMapper MAPPER = new ObjectMapper();
+
+    /**
+     * Constructs a client by providing a REST url where the global token revocation endpoint
+     * is located.
+     *
+     * @param url global token revocation endpoint
+     */
+    public GlobalTokenRevocationClient(String url) {
+        super(url);
+    }
+
+    @Override
+    public String getHttpMethod() {
+        return HttpMethod.POST;
+    }
+
+    public GlobalTokenRevocationResponse exec(GlobalTokenRevocationClientRequest request) {
+        setRequest(request);
+        return exec();
+    }
+
+    public GlobalTokenRevocationResponse exec() {
+        initClient();
+
+        Invocation.Builder clientRequest = webTarget.request();
+        applyCookies(clientRequest);
+
+        new ClientAuthnEnabler(clientRequest, requestForm).exec(request);
+
+        clientRequest.header("Content-Type", request.getContentType());
+
+        SubId subId = new SubId();
+        subId.setFormat(getRequest().getFormat());
+        subId.setId(getRequest().getId());
+
+        GlobalTokenRevocationRequest model = new GlobalTokenRevocationRequest();
+        model.setSubId(subId);
+
+        try {
+            clientResponse = clientRequest.buildPost(Entity.json(MAPPER.writeValueAsString(model))).invoke();
+
+            final GlobalTokenRevocationResponse response = new GlobalTokenRevocationResponse(clientResponse);
+            setResponse(response);
+        } catch (Exception e) {
+            LOG.error(e.getMessage(), e);
+        } finally {
+            closeConnection();
+        }
+
+        return getResponse();
+    }
+}
@@ -0,0 +1,60 @@
+package io.jans.as.client;
+
+import io.jans.as.model.util.QueryBuilder;
+import jakarta.ws.rs.core.MediaType;
+
+/**
+ * @author Yuriy Z
+ */
+public class GlobalTokenRevocationClientRequest extends ClientAuthnRequest {
+
+    private String format;
+    private String id;
+
+    public GlobalTokenRevocationClientRequest() {
+        this(null, null);
+    }
+
+    public GlobalTokenRevocationClientRequest(String format, String id) {
+        this.format = format;
+        this.id = id;
+
+        setContentType(MediaType.APPLICATION_JSON);
+        setMediaType(MediaType.APPLICATION_JSON);
+    }
+
+    @Override
+    public String getQueryString() {
+        QueryBuilder builder = QueryBuilder.instance();
+
+        builder.append("format", format);
+        builder.append("id", id);
+        appendClientAuthnToQuery(builder);
+
+        return builder.toString();
+    }
+
+    public String getFormat() {
+        return format;
+    }
+
+    public void setFormat(String format) {
+        this.format = format;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    @Override
+    public String toString() {
+        return "GlobalTokenRevocationRequest{" +
+                "format='" + format + '\'' +
+                ", id='" + id + '\'' +
+                "} " + super.toString();
+    }
+}
@@ -0,0 +1,27 @@
+package io.jans.as.client;
+
+import io.jans.as.model.session.EndSessionErrorResponseType;
+import jakarta.ws.rs.core.Response;
+
+/**
+ * @author Yuriy Z
+ */
+public class GlobalTokenRevocationResponse extends BaseResponseWithErrors<EndSessionErrorResponseType> {
+
+    public GlobalTokenRevocationResponse() {
+    }
+
+    public GlobalTokenRevocationResponse(Response clientResponse) {
+        super(clientResponse);
+        injectDataFromJson();
+    }
+
+    @Override
+    public EndSessionErrorResponseType fromString(String params) {
+        return EndSessionErrorResponseType.fromString(params);
+    }
+
+    public void injectDataFromJson() {
+        injectDataFromJson(entity);
+    }
+}
@@ -108,6 +108,7 @@ public static void parse(String json, OpenIdConfigurationResponse response) {
         response.setTokenEndpoint(jsonObj.optString(TOKEN_ENDPOINT, null));
         response.setRevocationEndpoint(jsonObj.optString(REVOCATION_ENDPOINT, null));
         response.setSessionRevocationEndpoint(jsonObj.optString(SESSION_REVOCATION_ENDPOINT, null));
+        response.setGlobalTokenRevocationEndpoint(jsonObj.optString(GLOBAL_TOKEN_REVOCATION_ENDPOINT, null));
         response.setUserInfoEndpoint(jsonObj.optString(USER_INFO_ENDPOINT, null));
         response.setClientInfoEndpoint(jsonObj.optString(CLIENT_INFO_ENDPOINT, null));
         response.setCheckSessionIFrame(jsonObj.optString(CHECK_SESSION_IFRAME, null));

@@ -31,6 +31,7 @@ public class OpenIdConfigurationResponse extends BaseResponse implements Seriali
     private String tokenEndpoint;
     private String revocationEndpoint;
     private String sessionRevocationEndpoint;
+    private String globalTokenRevocationEndpoint;
     private String userInfoEndpoint;
     private String clientInfoEndpoint;
     private String checkSessionIFrame;
@@ -264,6 +265,24 @@ public void setSessionRevocationEndpoint(String sessionRevocationEndpoint) {
         this.sessionRevocationEndpoint = sessionRevocationEndpoint;
     }
 
+    /**
+     * Gets global token revocation endpoint
+     *
+     * @return global token revocation endpoint
+     */
+    public String getGlobalTokenRevocationEndpoint() {
+        return globalTokenRevocationEndpoint;
+    }
+
+    /**
+     * Sets global token revocation endpoint
+     *
+     * @param globalTokenRevocationEndpoint global token revocation endpoint
+     */
+    public void setGlobalTokenRevocationEndpoint(String globalTokenRevocationEndpoint) {
+        this.globalTokenRevocationEndpoint = globalTokenRevocationEndpoint;
+    }
+
     /**
      * Returns the URL of the Token Revocation endpoint.
      *

@@ -101,6 +101,7 @@ public abstract class BaseTest {
     protected String jwksUri;
     protected String archivedJwksUri;
     protected String registrationEndpoint;
+    protected String globalTokenRevocationEndpoint;
     protected String configurationEndpoint;
     protected String introspectionEndpoint;
     protected String deviceAuthzEndpoint;
@@ -375,6 +376,14 @@ public void setRegistrationEndpoint(String registrationEndpoint) {
         this.registrationEndpoint = registrationEndpoint;
     }
 
+    public String getGlobalTokenRevocationEndpoint() {
+        return globalTokenRevocationEndpoint;
+    }
+
+    public void setGlobalTokenRevocationEndpoint(String globalTokenRevocationEndpoint) {
+        this.globalTokenRevocationEndpoint = globalTokenRevocationEndpoint;
+    }
+
     public String getIntrospectionEndpoint() {
         return introspectionEndpoint;
     }
@@ -1000,6 +1009,7 @@ public void discovery(ITestContext context) throws Exception {
             jwksUri = response.getJwksUri();
             archivedJwksUri = response.getArchivedJwksUri();
             registrationEndpoint = response.getRegistrationEndpoint();
+            globalTokenRevocationEndpoint = response.getGlobalTokenRevocationEndpoint();
             introspectionEndpoint = response.getIntrospectionEndpoint();
             parEndpoint = response.getParEndpoint();
             deviceAuthzEndpoint = response.getDeviceAuthzEndpoint();
@@ -1023,6 +1033,7 @@ public void discovery(ITestContext context) throws Exception {
             jwksUri = context.getCurrentXmlTest().getParameter("jwksUri");
             archivedJwksUri = context.getCurrentXmlTest().getParameter("archivedJwksUri");
             registrationEndpoint = context.getCurrentXmlTest().getParameter("registrationEndpoint");
+            globalTokenRevocationEndpoint = context.getCurrentXmlTest().getParameter("globalTokenRevocationEndpoint");
             configurationEndpoint = context.getCurrentXmlTest().getParameter("configurationEndpoint");
             introspectionEndpoint = context.getCurrentXmlTest().getParameter("introspectionEndpoint");
             parEndpoint = context.getCurrentXmlTest().getParameter("parEndpoint");