How can I revoke a users token? #4712
-
|
I see in the sample the app appears to be constructing a logout url and navigating a user to it: But I'd really like to do this silently from within my app backend. I have their refresh token is there no way for me to just do it directly? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
|
@justinmchase Unfortunately, there is not currently a way to invalidate a given refresh token. It will be valid until it expires or until all of their RTs are invalidated by an admin. |
Beta Was this translation helpful? Give feedback.
-
|
Can I invalidate the accessToken though? Which will invalidate all refresh tokens? |
Beta Was this translation helpful? Give feedback.
-
|
That is not currently possible, no. |
Beta Was this translation helpful? Give feedback.
-
|
Its been a year, is this possible now? |
Beta Was this translation helpful? Give feedback.
-
|
This is something we need too...for security purposes, we need the ability to revoke a user's session from within the Azure B2C portal...and have the user logged out of our application. However, in testing, I am not logged out. UI: API: The API doesn't really matter though because I can see the refresh token being retrieved prior to the API being called (which makes the API validation a moot point since a new valid token is being issued). |
Beta Was this translation helpful? Give feedback.
@justinmchase Unfortunately, there is not currently a way to invalidate a given refresh token. It will be valid until it expires or until all of their RTs are invalidated by an admin.