My access_token did not expire after I deleted the user.

[supertruong]

Hi everyone,
I tried to get access_token from token endpoint: /connect/token. -> It's done.
But I got a problem when I deleted the user that I used to authenticate. The user's access_token still alive and I could use it to access API resources.

Could you tell me what I missed?

Thanks a lot.

[maliming]

hi

This is the design of JWT.

You can customize the Validator of JWT. Or use the reference token of Identity Server, which has nothing to do with abp.