
AAD: Revoke / Invalidate access tokens #12717

Closed
drinkbird opened this issue Aug 1, 2018 · 8 comments

Comments

@drinkbird

drinkbird commented Aug 1, 2018

Example: A client application uses the OAuth 2.0 code grant flow to obtain an access token. Once the user is done with their work, the "logout" action needs to invalidate the access token.



@AdamS-MSFT
Member

@drinkbird Thank you for the valuable feedback, we are investigating the issue.

@MohitGargMSFT
Member

@drinkbird Unfortunately, we currently don't have a specific revocation API. However, you can set the access token lifetime based on your requirement. Please refer to this document for the same - Azure Active Directory v2.0 tokens reference.

Also, please upvote the Azure Feedback request below regarding "Invalidate JWT Token". This will allow the product team to further prioritize it and include it in their plans.

https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19474918-invalidate-jwt-token

@MohitGargMSFT
Member

@drinkbird We will now proceed to close this thread. If there are further questions regarding this matter, please open a new issue and we will gladly continue the discussion.

@drinkbird
Author

Thank you for your response @MohitGargMSFT

@thadwoodman

Unfortunately currently we don't have a specific revocation API. However, you can set access token lifetime based on your requirement.

Thanks for clarifying. Along similar lines, I'm wondering if it's possible for a third party to disconnect their app from a users account? Will "logging out" have that effect?

@dterei

dterei commented Oct 10, 2018

@MohitGargMSFT What exactly does deleting the OAuth2PermissionGrant entity for the user do? Will it revoke the refresh token?

@rahulshukla422

Thanks for clarifying. Along similar lines, I'm wondering if it's possible for a third party to disconnect their app from a users account? Will "logging out" have that effect?

No, it will not log out, since I am also facing the same issue: after logout from the application, old requests are still valid.

@iotrock

iotrock commented Nov 16, 2022

@MohitGargMSFT Still, after logout the access token remains active for the default lifetime set by Azure Active Directory, which is 60 min. Now how can we invalidate the token after logout? Thanks for any valuable suggestion.
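
Editor's note with an added worked example (not code from this issue, from Microsoft, or from any Azure AD SDK). The answer above says there is no revocation API and recommends shortening the token lifetime; the later comments from rahulshukla422 and iotrock observe that old tokens keep working after logout. The usual mitigation on the resource-server side is a per-user "logged out since" timestamp: the API still verifies the token, but additionally refuses any token whose `iat` claim is not newer than the user's last logout, so a logout takes effect immediately without waiting for `exp`. The example below implements that check. It is self-contained and therefore assumes HMAC-SHA256 tokens signed with a shared secret; real Azure AD access tokens are RS256 and would be verified against the tenant's published signing keys instead. The `SECRET`, `mint_token` and `ResourceServer` names are this example's own.

```python
"""
Added example: a resource server that cannot ask the issuer to revoke an
access token, so it keeps its own per-user "logged out since" record and
rejects tokens issued at or before that moment.

Assumptions (not from the issue): compact JWS tokens signed with
HMAC-SHA256 and a shared secret, so the example runs offline.
"""
import base64
import hashlib
import hmac
import json

SECRET = b"demo-secret-not-for-production"  # assumption: shared HMAC key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(sub: str, iat: int, lifetime_s: int = 3600) -> str:
    """Stand-in issuer: builds header.payload.signature with sub/iat/exp claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iat": iat, "exp": iat + lifetime_s}
    signing_input = (
        f"{_b64url(json.dumps(header).encode())}."
        f"{_b64url(json.dumps(payload).encode())}"
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class ResourceServer:
    """Validates tokens and enforces a server-side logout cutoff per subject."""

    def __init__(self) -> None:
        # sub -> epoch seconds of the user's most recent logout
        self.logged_out_since: dict[str, int] = {}

    def logout(self, sub: str, now: int) -> None:
        """Record the logout; every token minted at or before `now` is dead."""
        self.logged_out_since[sub] = now

    def authorize(self, token: str, now: int) -> tuple[bool, str]:
        try:
            h, p, s = token.split(".")
        except ValueError:
            return False, "malformed"
        # Pin the algorithm before verifying so an attacker cannot pick it.
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":
            return False, "unexpected alg"
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return False, "bad signature"
        claims = json.loads(_b64url_decode(p))
        if now >= claims["exp"]:
            return False, "expired"
        # The logout check: fail closed on a token minted in the same second
        # as the logout, since one-second iat resolution cannot order them.
        cutoff = self.logged_out_since.get(claims["sub"])
        if cutoff is not None and claims["iat"] <= cutoff:
            return False, "issued before logout"
        return True, "ok"
```

The cutoff store has to be shared by every instance of the API (a cache or database keyed by subject), and entries can be dropped once they are older than the maximum token lifetime, since any token issued before them is expired anyway. A short configured lifetime, as the answer above suggests, still matters: it bounds the window for tokens that reach a resource server which has not learned of the logout.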

8 participants