Revoke Identity Server OAuth2 Token

I wonder if it is possible to revoke the OAuth 2.0 token issued by Thinktecture Identity Server, as I want to log out of my application.

+3




2 answers


This is only possible with the latest Thinktecture Identity Server version 3 that implements RFC 7009: https://tools.ietf.org/html/rfc7009 . See the 1.1.0 Release Notes at https://github.com/IdentityServer/Thinktecture.IdentityServer3/blob/master/RELEASES.md which include a link to https://github.com/IdentityServer/Thinktecture.IdentityServer3/pull/858 .



+1
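
The revocation call that RFC 7009 defines, as an added example that is not part of the answer above or of IdentityServer's own code: it builds the request a client would send at logout and interprets the server's reply. The endpoint URL, the client credentials and the function names are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed endpoint; take the real value from your server's configuration.
REVOCATION_ENDPOINT = "https://idsrv.example/connect/revocation"


def build_revocation_request(token, hint, client_id, client_secret,
                             endpoint=REVOCATION_ENDPOINT):
    """Build the RFC 7009 section 2.1 POST that asks the server to revoke `token`."""
    if hint not in ("access_token", "refresh_token"):
        raise ValueError("token_type_hint must be access_token or refresh_token")
    if not endpoint.lower().startswith("https://"):
        raise ValueError("the token and client secret must only travel over TLS")
    body = urllib.parse.urlencode({"token": token, "token_type_hint": hint})
    # Confidential clients authenticate; RFC 6749 section 2.3.1 form-encodes both parts.
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    return urllib.request.Request(
        endpoint, data=body.encode("ascii"), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Authorization": "Basic " + basic})


def interpret_revocation_response(status, body=b"", headers=None):
    """Map the server's answer to (outcome, detail) per RFC 7009 sections 2.2 and 2.2.1."""
    headers = headers or {}
    if status == 200:
        # 200 covers both "revoked" and "token was already invalid".
        return ("revoked", None)
    if status == 503:
        # The token must be assumed to still be valid; retry later.
        return ("retry", headers.get("Retry-After"))
    try:
        error = json.loads(body.decode("utf-8")).get("error")
    except (ValueError, AttributeError):
        error = None
    return (error or "failed", status)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    req = build_revocation_request("sample-refresh-token", "refresh_token", "client1", "s3cret")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(interpret_revocation_response(503, headers={"Retry-After": "30"}))
```

Only the "revoked" outcome means the server no longer honours the token; on any other outcome the client should still delete its local copy at logout and treat the token as live until it expires.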




Have you read this article ( http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/ )?

I am quoting the paragraph below.



Once a token has been released, there is no "built-in" way to undo it. Or, in other words, you need to write your own mechanism for that, which often involves checking the database on every request. Opportunity - but often hits the target.

In short, the applicable solution is providing a limited lifetime for the authentication token and deleting the one stored in the client.

0

