Hi , 

Revoking OAuth Tokens
When a user logs out of an app, or the app times out or in other ways becomes invalid, the logged-in users’ credentials are
cleared from the mobile app. This effectively ends the connection to the server. Also, Mobile SDK revokes the refresh token
from the server as part of logout.
Revoking Tokens
To revoke OAuth 2.0 tokens, use the revocation endpoint:
https://login.salesforce.com/services/oauth2/revoke
Construct a POST request that includes the following parameters using the application/x-www-form-urlencoded
format in the HTTP request entity-body. For example:
POST /revoke HTTP/1.1
Host: https://login.salesforce.com/services/oauth2/revoke
Content-Type: application/x-www-form-urlencoded
token=currenttoken
If an access token is included, we invalidate it and revoke the token. If a refresh token is included, we revoke it as well as any
associated access tokens.
The authorization server indicates successful processing of the request by returning an HTTP status code 200. For all error
conditions, a status code 400 is used along with one of the following error responses.
• unsupported_token_type—token type not supported
• invalid_token—the token was invalid
For Sandbox, use test.salesforce.com instead of login.salesforce.com.

See pg # 132,

http://res.cloudinary.com/hy4kyit2a/image/upload/v1373584616/mobile_sdk.pdf.pdf


Regards,
Ashish