
Revoke a refresh token on Azure AD B2C

I don't know if there is a solution to revoke a refresh token when:

- a user resets their own password with the reset password policy?
- a user changes their own password with a specific form based on Graph API?

I think it must be implemented for security reasons, but I don't know if it's possible for now, and if not, when will it be available?

Thanks in advance

I found a question similar to yours: Costs of B2C and Refresh tokens.

The essential part of the answer from the other question is:

Logging out of the web application won't revoke the token. Azure AD doesn't support revoking the token at present. However, we can clear the token cache if you don't want users to use the token.

I did some tests of my own using the Azure AD Graph API and was unable to get the refresh token to expire, even when resetting the password of the user accessing the resources.

As far as I know, there doesn't seem to be any way to expire the token at the moment, except for contacting Azure support and having them expire the token.
