简体繁体 English

撤消Azure AD B2C上的刷新令牌

[英]Revoke a refresh token on Azure AD B2C

原文 2016-10-17 09:39:00 3 1 azure/ azure-ad-b2c/ azure-ad-graph-api

I don't know if there is a solution to revoke a refresh token when : - a user reset its own password with the reset password policy ? 我不知道在以下情况下是否存在解决方案来撤消刷新令牌：-用户使用重设密码策略重设了自己的密码？ - a user change its own password with a specific form based on Graph API ? -用户使用基于Graph API的特定格式更改自己的密码？

I think it must be implemented for security reason but I don't if it's possible for now and if not when will it be available ? 我认为必须出于安全原因将其实现，但是如果现在可行，并且没有时间，我不知道吗？

Thanks in advance 提前致谢

1 个解决方案

I found a similar questions to your question Costs of B2C and Refresh tokens . 我找到了与您的问题B2C和“刷新令牌”的成本类似的问题。

The essential part of the answer from the other question is: 另一个问题的答案的关键部分是：

The log out the web application won't revoke the token. 注销Web应用程序不会撤消令牌。 Azure AD doesn't support revoking the token at present. Azure AD当前不支持吊销令牌。 However, we can clear the token cache if you doesn't want users to user the token. 但是，如果您不希望用户使用令牌，我们可以清除令牌缓存。

I did some own tests using the Azure AD Graph API and was unable to get the refresh token to expire, even when resetting the password of the user accessing the resources. 我使用Azure AD Graph API进行了一些自己的测试，即使重置访问资源的用户的密码，也无法使刷新令牌过期。

As far as I know, there doesn't seem to be any way to expire the token at the moment, except for contacting Azure support and having them expire the token. 据我所知，目前似乎没有任何办法可以使令牌失效，除了联系Azure支持人员并让他们使令牌失效。