%% You should probably cite rfc7009 instead of this I-D.
@techreport{ietf-oauth-revocation-09,
	number =	{draft-ietf-oauth-revocation-09},
	type =		{Internet-Draft},
	institution =	{Internet Engineering Task Force},
	publisher =	{Internet Engineering Task Force},
	note =		{Work in Progress},
	url =		{https://datatracker.ietf.org/doc/html/draft-ietf-oauth-revocation-09},
        author =	{Torsten Lodderstedt and Stefanie Dronia and Marius Scurtescu},
	title =		{{OAuth 2.0 Token Revocation}},
	pagetotal =	10,
	year =		** No value found for 'doc.pub_date.year' **,
	month =		** No value found for 'doc.pub_date' **,
	day =		** No value found for 'doc.pub_date.day' **,
	abstract =	{This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to cleanup security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant.},
}