How can I revoke a user's token? #4712
-
I see in the sample the app appears to be constructing a logout URL and navigating a user to it: But I'd really like to do this silently from within my app backend. I have their refresh token; is there no way for me to just do it directly?
Replies: 2 comments 3 replies
-
@justinmchase Unfortunately, there is not currently a way to invalidate a given refresh token. It will be valid until it expires or until all of their RTs are invalidated by an admin.
-
This is something we need too... for security purposes, we need the ability to revoke a user's session from within the Azure B2C portal... and have the user logged out of our application. However, in testing, I am not logged out. UI: API: The API doesn't really matter though because I can see the refresh token being retrieved prior to the API being called (which makes the API validation a moot point since a new valid token is being issued).