Revoking Access Token
Hello Team,
Wanted to check on the possibility of revoking the access token.
For our scenario we generated the access tokens without setting the lifetime parameter, which makes them never expire.
Now we have set the lifetime to 12 hrs and want to revoke all the older access tokens, is there a way to do this?
Thanks
7 Replies
What kind of access tokens are you using? JWT or opaque?
@FFO opaque
@FFO, anything on this?
I need to check the details, but off the top of my head I would say we only support revocation of sessions.
@livio can correct if I am wrong
So does that mean the tokens with lifetime access, if they were generated by error, will remain active always?
No, if a session is terminated it revokes the token. (except with refresh tokens)
Can you share a little bit about your needs and goals, that would help me understand what solution might be good for you.
For our scenario we generated the access tokens without setting the lifetime parameter, which makes them never expire.
Now assume that these tokens are out with users; now what we want is to revoke all these tokens... although we would not have the option to ask users to share their tokens with us and we can revoke them... looking for a way where either we revoke all generated tokens so far or revoke tokens based on timestamp.
Got it, let me ask around, not sure top of my mind how to solve this the easy way.
Maybe @livio has an idea.