revoke_token: Revoke an OAuth 2.0 token

Description

Attempts to revoke an access or refresh token using RFC 7009 when the provider exposes a revocation endpoint.

Authentication mirrors the provider's token_auth_style (same as token exchange and introspection).

Best-effort semantics:

If the provider does not expose a revocation endpoint, returns supported = FALSE, revoked = NA, and status = "revocation_unsupported".
If the selected token value is missing, returns supported = TRUE, revoked = NA, and status = "missing_token".
If the endpoint returns a 2xx, returns supported = TRUE, revoked = TRUE, and status = "ok".
If the endpoint returns an HTTP error, returns supported = TRUE, revoked = NA, and status = "http_<code>".

revoke_token(
  oauth_client,
  oauth_token,
  which = c("refresh", "access"),
  async = FALSE,
  shiny_session = NULL
)

A list with fields: supported, revoked, status

oauth_client: OAuthClient object
oauth_token: OAuthToken object containing tokens to revoke
which: Which token to revoke: "refresh" (default) or "access"
async: Logical, default FALSE. If TRUE and the mirai::mirai package is available, the operation is performed off the main R session using mirai::mirai() and this function returns a mirai (which implements as.promise()) that resolves to the result list. Requires mirai daemons to be configured with mirai::daemons().
shiny_session: Optional pre-captured Shiny session context (from capture_shiny_session_context()) to include in audit events. Used when calling from async workers that lack access to the reactive domain.