gp80586

Reputation: 169

How to revoke OAuth access tokens in ADFS 3.0?

We are currently looking at rolling out ADFS 3.0 (Server 2012 R2). I've searched high and low, but it doesn't seem possible to revoke access and/or refresh tokens that have been issued by ADFS 3.0. Has anyone accomplished this?

I'm also inclined to place an API in front of ADFS to handle revocation and audit/logging, but it seems this may be a 'hacked' solution.

Some guidance would be much appreciated.

Upvotes: 0

Views: 1791

Answers (1)

paullem

Reputation: 1311

In general OAuth2 tokens cannot be revoked (i.e. there is no signout). The applicable mechanism just disables a refresh.... This is radically different from WS-Fed passive and SAML2 browser SSO.

Upvotes: 1
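Added example, not part of the question or the answer above: a resource-side deny-list with an audit trail, one way to realize the revocation-and-logging layer the question considers, given that an issued access token otherwise stays usable until it expires. It assumes the access tokens are JWTs carrying an `exp` claim and that signature validation happens before this check; `RevocationGate`, `make_sample_token` and the sample tokens are hypothetical names and constructed data.

```python
import base64
import hashlib
import json
import time

def _claims(token):
    # Decodes the JWT payload only. Assumption: the signature was already
    # validated upstream, so this function does no verification itself.
    body = token.split(".")[1]
    body += "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(body))

class RevocationGate:
    """Deny-list keyed by SHA-256 of the token, kept only until the token expires."""

    def __init__(self, clock=time.time):
        self._revoked = {}   # token hash -> exp (epoch seconds)
        self._clock = clock
        self.audit = []      # (event, short token hash, detail)

    def _key(self, token):
        return hashlib.sha256(token.encode()).hexdigest()

    def revoke(self, token, reason):
        key = self._key(token)
        self._revoked[key] = int(_claims(token)["exp"])
        self.audit.append(("revoke", key[:12], reason))

    def is_allowed(self, token):
        now = self._clock()
        # Expired tokens are rejected anyway, so their entries can be dropped.
        self._revoked = {k: e for k, e in self._revoked.items() if e > now}
        key = self._key(token)
        if int(_claims(token)["exp"]) <= now:
            verdict = "expired"
        elif key in self._revoked:
            verdict = "revoked"
        else:
            verdict = "ok"
        self.audit.append(("check", key[:12], verdict))
        return verdict == "ok"

def make_sample_token(sub, exp):
    # Constructed sample JWT with a placeholder signature, for the demo only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"sub": sub, "exp": exp}), "constructed-signature"])
```

Every resource server that accepts the tokens has to consult the same deny-list, so in practice the store is shared; the shorter the access-token lifetime, the smaller that list stays.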
