diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
index a37352348..8b0dc9786 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
@@ -20,6 +20,7 @@ import java.util.List;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
@@ -43,4 +44,6 @@ public interface OAuth2TokenEntityService extends AuthorizationServerTokenServic
 public OAuth2RefreshTokenEntity saveRefreshToken(OAuth2RefreshTokenEntity refreshToken);
+ public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication);
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
index 036ea3e90..265bd634d 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
@@ -41,7 +41,7 @@ public class IntrospectionEndpoint {
 @RequestMapping("/oauth/verify")
 public ModelAndView verify(@RequestParam("token") String tokenValue, ModelAndView modelAndView) {
- OAuth2AccessTokenEntity token = tokenServices.getAccessToken(tokenValue);
+ OAuth2AccessTokenEntity token = tokenServices.readAccessToken(tokenValue);
 if (token == null) {
 // if it's not a valid token, we'll print a 404
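Review bot: The new `getAccessToken(OAuth2Authentication authentication)` declaration at the end of the interface hunk carries no Javadoc, so its contract for the case where no access token is bound to the authentication — a `null` return or an `InvalidTokenException` — is unspecified, and the RevocationEndpoint hunk in this same commit assigns its result to `tok` without guarding either outcome. Spring's `AuthorizationServerTokenServices`, which this interface extends, appears to declare a method with the same name and parameter, so this presumably narrows that method's return type to `OAuth2AccessTokenEntity`; if so, that intent should be stated so implementors keep the two consistent. I would add Javadoc above the new line saying that it returns the access token entity bound to the given authentication, naming explicitly what happens when none exists, and noting that it is a covariant override of the Spring method if that is the case.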
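Review bot: The `if (token == null)` check following the changed line only handles a null return, yet the RevocationEndpoint hunk in this same commit wraps the identical `tokenServices.readAccessToken(tokenValue)` call in a `catch (InvalidTokenException e)`, which suggests the implementation throws for an unknown or malformed token; if that is so, an invalid token sent to `/oauth/verify` escapes the controller as an uncaught exception instead of reaching the 404 path the comment on the last hunk line describes. Catching the exception here and falling through to the existing null handling keeps the introspection response shape under the endpoint's control and matches what the revocation endpoint now does; `InvalidTokenException` would need importing if it is not already. `verify` continues past the end of the hunk, so I have not seen the 404 branch itself.
```java
public ModelAndView verify(@RequestParam("token") String tokenValue, ModelAndView modelAndView) {
    OAuth2AccessTokenEntity token = null;
    try {
        token = tokenServices.readAccessToken(tokenValue);
    } catch (InvalidTokenException e) {
        // an unknown or malformed token is treated exactly like a missing one below
    }
    if (token == null) {
        // … unchanged: 404 handling …
```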
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
index cbb607e80..d0da044e2 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
@@ -15,6 +15,8 @@ ******************************************************************************/
 package org.mitre.oauth2.web;
+import java.security.Principal;
+
 import org.mitre.oauth2.exception.PermissionDeniedException;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
@@ -47,23 +49,35 @@ public class RevocationEndpoint {
 // TODO @PreAuthorize("hasRole('ROLE_ADMIN') or hasRole('ROLE_CLIENT')")
 @RequestMapping("/oauth/revoke")
- public ModelAndView revoke(@RequestParam("token") String tokenValue,
+ public ModelAndView revoke(@RequestParam("token") String tokenValue, Principal principal,
 ModelAndView modelAndView) {
- OAuth2RefreshTokenEntity refreshToken = tokenServices.getRefreshToken(tokenValue);
- OAuth2AccessTokenEntity accessToken = tokenServices.getAccessToken(tokenValue);
+
+ OAuth2RefreshTokenEntity refreshToken = null;
+ OAuth2AccessTokenEntity accessToken = null;
+ try {
+ refreshToken = tokenServices.getRefreshToken(tokenValue);
+ } catch (InvalidTokenException e) {
+ // it's OK if either of these tokens are bad
+ }
+ try {
+ accessToken = tokenServices.readAccessToken(tokenValue);
+ } catch (InvalidTokenException e) {
+ // it's OK if either of these tokens are bad
+ }
+
 if (refreshToken == null && accessToken == null) {
 // TODO: this should throw a 400 with a JSON error code
 throw new InvalidTokenException("Invalid OAuth token: " + tokenValue);
 }
- // TODO: there should be a way to do this in SPEL, right?
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
- if (auth instanceof OAuth2Authentication) {
+ if (principal instanceof OAuth2Authentication) {
+ OAuth2AccessTokenEntity tok = tokenServices.getAccessToken((OAuth2Authentication) principal);
+
 // we've got a client acting on its own behalf, not an admin
 //ClientAuthentication clientAuth = (ClientAuthenticationToken) ((OAuth2Authentication) auth).getClientAuthentication();
- AuthorizationRequest clientAuth = ((OAuth2Authentication) auth).getAuthorizationRequest();
+ AuthorizationRequest clientAuth = ((OAuth2Authentication) principal).getAuthorizationRequest();
 if (refreshToken != null) {
 if (!refreshToken.getClient().getClientId().equals(clientAuth.getClientId())) {