Reputation: 1498
Identityserver4 Revoke One or All tokens
In the application, when a user logs out, I would revoke the reference and refresh token for that current session. This is an API and thus other devices can be logged into the application. I want to provide the ability to log out or log out from all devices.
In Identityserver4, when we are logging out, we can use the revocation client to revoke a token:
var client = new TokenRevocationClient(...);
//var result = await client.RevokeAccessTokenAsync(token);
//var result = await client.RevokeRefreshTokenAsync(token);
This, in turn, calls IReferenceTokenStore.RemoveReferenceTokenAsync(string handle).
Now, the question is, how would I revoke all tokens for a user? This means that it should call IReferenceTokenStore.RemoveReferenceTokensAsync(string subjectId, string clientId) instead.
Upvotes: 0
Views: 2665
Answers (1)
Reputation: 363
You can inject an instance of IIdentityServerInteractionService and call RevokeTokensForCurrentSessionAsync().
This should lead to calling of IReferenceTokenStore.RemoveReferenceTokensAsync(string subjectId, string clientId).
Upvotes: 1
Related Questions
- IdentityServer Create and Revoke API Tokens
- How can I invalidate access tokens generated by Identity Core?
- How to revoke refresh token in Identityserver4?
- Revoke refresh tokens when signing out from IdentityServer4
- IdentityServer4 Revoke all reference tokens for a client, except the current one
- Revoke token generated by UserTokenProvider in ASP.NET Identity 2.0
- How to revoke refresh token in aspnet core which is store in Identiy Server Database
- Revoke token with identity server 4
- How to revoke or invalidate token using Identity Server 4?
- IdentityServer4 refresh_token revocation