I have the refresh token expiry on B2C set to the minimum and I left my account logged in but inactive for the past couple days. Now, I'm receiving logs showing the mobile application is trying to get a new access token using the expired refresh token but I'm catching an error: "time out".
Correct me if I'm wrong but from what I understand, refresh tokens don't expire and I need to manually revoke them then send the user back to log in screen? How do I revoke the refresh token on client side?
Thanks.
If you wish to revoke the refresh token, you can use power shell: Revoke-AzureADUserAllRefreshToken ,
or AAD Graph API : POST https://graph.windows.net/{tenant id}/me/invalidateAllRefreshTokens?api-version=1.6 HTTP/1.1
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.