feat(backend): add OAuth application token revocation

[jfoshee]

Summary

Adds SDK support for the new OAuth application token revocation endpoint and documents the backend SDK method.

Validation run:

• go test ./oauthapplication
• pnpm --filter @clerk/backend test:node src/api/tests/OAuthApplicationsApi.test.ts
• pnpm --filter @clerk/backend test:edge-runtime src/api/tests/OAuthApplicationsApi.test.ts
• pnpm --filter @clerk/backend lint
• pnpm run build:tsx in clerk-docs
• pnpm run lint in clerk-docs

Changes in this repo

Adds clerkClient.oauthApplications.revokeToken(), handles 204 responses as void, includes focused node and edge-runtime tests, and adds a changeset for @clerk/backend.

Companion PRs

• clerk-docs: feat(backend): add OAuth application token revocation clerk-docs#3484
• clerk-sdk-go: feat(backend): add OAuth application token revocation clerk-sdk-go#574

Summary by CodeRabbit

• New Features

  • Added the ability to revoke OAuth application access and refresh tokens from the backend client.

• Bug Fixes

  • Improved handling of no-content responses so successful revocation calls return cleanly without errors.
  • Added validation feedback when a required OAuth application ID is missing.

• Documentation

  • Updated release guidance to reflect this new backend capability.

[changeset-bot]

🦋 Changeset detected

Latest commit: 2aff791

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages

Name	Type
@clerk/backend	Minor
@clerk/astro	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/hono	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 30, 2026 12:25am
swingset	Ready	Preview, Comment	Jun 30, 2026 12:25am

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds revokeToken to OAuthApplicationsApi, which POSTs to /oauth_applications/:id/revoke_token. The buildRequest function gains an early-return for HTTP 204 responses. Tests and a minor changeset entry for @clerk/backend are included.

Changes

OAuth Application revokeToken

Layer / File(s)	Summary
204 response handling packages/backend/src/api/request.ts	buildRequest returns {data: undefined, errors: null} immediately for res.status === 204 without parsing the body.
revokeToken type and method packages/backend/src/api/endpoints/OAuthApplicationsApi.ts	Adds RevokeOAuthApplicationTokenParams type and revokeToken method that validates oauthApplicationId and POSTs to the revoke_token sub-path with token as a body param, returning void.
Tests and changeset packages/backend/src/api/__tests__/OAuthApplicationsApi.test.ts, .changeset/oauth-application-revoke-token.md	MSW-backed tests assert 204 maps to undefined and empty oauthApplicationId rejects; changeset marks @clerk/backend as minor.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• wobsoriano

Poem

🐇 Hop hop, a token revoked today,
POST to the path, then 204 hooray!
No body to parse, just undefined returned,
A new little method the backend has earned.
The rabbit stamps the changeset with glee~ 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly matches the main change: adding backend support for OAuth application token revocation.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

_{Comment @coderabbitai help to get the list of available commands.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@9040

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@9040

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@9040

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@9040

@clerk/electron

npm i https://pkg.pr.new/@clerk/electron@9040

@clerk/electron-passkeys

npm i https://pkg.pr.new/@clerk/electron-passkeys@9040

@clerk/eslint-plugin

npm i https://pkg.pr.new/@clerk/eslint-plugin@9040

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@9040

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@9040

@clerk/express

npm i https://pkg.pr.new/@clerk/express@9040

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@9040

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@9040

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@9040

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@9040

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@9040

@clerk/react

npm i https://pkg.pr.new/@clerk/react@9040

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@9040

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@9040

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@9040

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@9040

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@9040

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@9040

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@9040

commit: 2aff791

[github-actions]

API Changes Report

Generated by Break Check on 2026-06-30T00:27:21.714Z

Summary

Metric	Count
Packages analyzed	19
Packages with changes	0
🔴 Breaking changes	0
🟡 Non-breaking changes	0
🟢 Additions	0

No API Changes Detected

All packages have stable APIs with no detected changes.

---

Report generated by Break Check

_{Last ran on 2aff791.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/backend/src/api/endpoints/OAuthApplicationsApi.ts (1)

40-49: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add JSDoc and an explicit return type to revokeToken()
clerkClient.oauthApplications.revokeToken() is public packages/** surface; add method-level JSDoc for the generated reference docs and annotate it as Promise<void>.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/backend/src/api/endpoints/OAuthApplicationsApi.ts` around lines 40 -
49, Add method-level JSDoc to revokeToken() so it appears correctly in the
generated reference docs, and annotate its signature with an explicit
Promise<void> return type. Update the revokeToken() declaration in
OAuthApplicationsApi alongside RevokeOAuthApplicationTokenParams so the public
clerkClient.oauthApplications surface is fully typed and documented.

Sources: Coding guidelines, Path instructions

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@packages/backend/src/api/endpoints/OAuthApplicationsApi.ts`:
- Around line 40-49: Add method-level JSDoc to revokeToken() so it appears
correctly in the generated reference docs, and annotate its signature with an
explicit Promise<void> return type. Update the revokeToken() declaration in
OAuthApplicationsApi alongside RevokeOAuthApplicationTokenParams so the public
clerkClient.oauthApplications surface is fully typed and documented.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 151c11d6-dd13-420b-a35f-bd4ab3fa5c53

📥 Commits

Reviewing files that changed from the base of the PR and between 2914c2c and 2aff791.

📒 Files selected for processing (4)

• .changeset/oauth-application-revoke-token.md
• packages/backend/src/api/__tests__/OAuthApplicationsApi.test.ts
• packages/backend/src/api/endpoints/OAuthApplicationsApi.ts
• packages/backend/src/api/request.ts

[wobsoriano]

Looks good 👍🏼