This is something I have been asked and I was at first under impression it was only available in v3, digging a bit more into the code there is actually a way to do that in v2 when you are using PKI tokens. Since I could not find much documentation online here is a description of the steps how to do it.

Let first get a PKI token, you can do it the hard way by sending a json blob to the keystone url and parse the json results like this :

or do the easy way by gettting my script available here :

and use it like that :

it will give you a variable $TOKEN and a variable $STORAGE_URL that you can use further down.

now let’s try to use it with our swift :

all good here,

so now go inside your keystone.conf and get your admin/service token or use that friendly copy and paste command line :

and use it to DELETE the token we do that request directly to our keystone which is localhost here point it wherever you want:

We can still use it because the token is still in the cache. By default tokens are cached in memcache as good as 5 minutes but the
revocation list is fetched every seconds or so.

but after a bit (like over a minute or so) we are getting a proper denied: