
Can we invalidate the old access token after logout on MFP?

I am using IBM MobileFirst Platform 8.0 at the moment. Currently, I am facing a problem:

On my MFP, I have 1 security check to protect 1 adapter. The flow is:

  1. log in with the security check
  2. can obtain an access token (I call it TOKEN_1)
  3. can request a resource from the adapter
  4. log out
  5. At this step, I use TOKEN_1 to request the resource from the adapter and it returns 401 Unauthorized (this is correct)
  6. log in with the security check again
  7. can obtain a new access token now (I call it TOKEN_2)

At this point, I can use both TOKEN_1 and TOKEN_2 to request the resource from the adapter, and I think that is not a good thing (just for my case and from my point of view).

I would think that TOKEN_1 should not be valid anymore, only TOKEN_2.

So, my question is: is there any way to permanently invalidate an access token after we log out with MFP?

Thank you so much in advance.

You can manually clear out the access tokens on the mobile device using the API clearAccessToken.

You can invoke it before or after your logout call. This is to ensure all token-related data held in memory is cleared. This does not clear any token data you have recorded and stored within your own code.

Once you have logged out with WLAuthorizationManager.logout(securitycheck), the next time you request a protected resource, the MFP client SDK always obtains a new token.
