Soluto / oidc-server-mock

Configurable Mock Server for OpenId Connect
Apache License 2.0
222 stars 35 forks

Revocation API not revoking token #134

Closed forceedge01 closed 1 year ago

forceedge01 commented 1 year ago

I am trying to revoke the access token that comes back after signing in. After posting the token to "/connect/revocation" I get a 200 OK response, but I can still use the token to retrieve the user profile etc. Naturally the token is still valid even after logging out, as it's a bearer token. Can this be fixed please?

Use case: I am not looking to log the user out of the identity provider as they may be using that identity with other apps. I only want to revoke the token that is created for that user and that particular client.

AleF83 commented 1 year ago

Hi, I'm not sure that a JWT can be revoked. Once the token is issued, no communication is required between the server that tries to verify the token and the auth provider. Hopefully, I understood right what you're trying to do.
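
The behaviour discussed in this thread, as an added example that is not part of the original issue or the oidc-server-mock code: a resource server that validates a JWT locally (signature and expiry) keeps accepting it after the issuer has recorded a revocation, unless it also consults issuer-side state. The HS256 key, the `jti` denylist and all function names are constructed for illustration; the denylist stands in for whatever revocation state the issuer exposes (for example through token introspection).

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(sub, jti, ttl=3600, now=None):
    """Issuer side: sign a self-contained HS256 token carrying a jti."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "jti": jti, "exp": now + ttl}).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_offline(token, now=None):
    """Resource server, local checks only: signature, alg and expiry."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token: fail closed

def verify_with_revocation(token, revoked_jtis, now=None):
    """Same local checks plus a lookup of issuer-side revocation state."""
    claims = verify_offline(token, now)
    if claims is None or "jti" not in claims or claims["jti"] in revoked_jtis:
        return None
    return claims

def demo():
    revoked = set()                      # what the issuer records on revocation
    token = issue_jwt("alice", "jti-001")
    revoked.add("jti-001")               # the revocation call returned 200 OK
    return verify_offline(token), verify_with_revocation(token, revoked)

if __name__ == "__main__":
    print(demo())  # first element is the claims dict, second is None
```

Until `exp` passes, only the second verifier rejects the token, which is why short access-token lifetimes are the usual companion to local JWT validation.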

forceedge01 commented 1 year ago

Thanks @AleF83, closing issue.