May 11 2021
08:04 PM
- last edited on
Jan 14 2022
03:27 PM
by
TechCommunityAP
Hi,
There are instances where a user logs off/out but the access token associated with the user on the client does not expire (based on the access token lifetime). This can lead to situations where resource servers or APIs can continue to be invoked with these tokens and the request is serviced/honoured.
An introspection endpoint (per the IETF specification in RFC 7662 https://tools.ietf.org/html/rfc7662) checks the validity of tokens. When will Microsoft establish an introspection endpoint with Azure Active Directory to check the validity of the token?
At present many customers are creating bespoke solutions within their environments to perform this function and blacklist tokens.
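As an added illustration of the mechanism the post is asking about (this is example code written for this page, not part of the original post and not Azure AD or any Microsoft implementation): a minimal RFC 7662 introspection endpoint in front of a token store, where logout revokes every token bound to the session, and a resource server that calls the endpoint before honouring a request. The `AuthorizationServer` class, the `api-rs` resource-server credential and the session identifiers are all hypothetical names constructed for the demo; `now` is passed explicitly so the expiry logic can be exercised without waiting on the wall clock.

```python
"""Minimal RFC 7662-style token introspection with revoke-on-logout (demo, not production)."""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass


@dataclass
class TokenRecord:
    sub: str          # user the token was issued to
    client_id: str    # OAuth client that obtained it
    scope: str        # space-separated scopes, as in RFC 7662 section 2.2
    iat: int          # issued-at, Unix seconds
    exp: int          # expiry, Unix seconds
    session_id: str   # login session the token belongs to; logout revokes by this
    revoked: bool = False


class AuthorizationServer:
    """Hypothetical authorization server holding an in-memory token store."""

    def __init__(self, resource_server_creds: dict[str, str]):
        # resource_server_creds maps a resource server id to the secret it must present
        # when calling introspect(); RFC 7662 section 2.1 requires the caller to authenticate.
        self._tokens: dict[str, TokenRecord] = {}
        self._rs_creds = resource_server_creds

    def issue(self, sub: str, client_id: str, scope: str, session_id: str,
              lifetime: int = 3600, now: int | None = None) -> str:
        now = int(time.time()) if now is None else now
        token = secrets.token_urlsafe(32)  # opaque reference token
        self._tokens[token] = TokenRecord(sub, client_id, scope, now, now + lifetime, session_id)
        return token

    def logout(self, session_id: str) -> int:
        """Revoke every still-valid token bound to the session; returns how many were revoked."""
        revoked = 0
        for rec in self._tokens.values():
            if rec.session_id == session_id and not rec.revoked:
                rec.revoked = True
                revoked += 1
        return revoked

    def introspect(self, token: str, rs_id: str, rs_secret: str,
                   now: int | None = None) -> dict:
        """Return the RFC 7662 introspection response for `token`."""
        if not secrets.compare_digest(self._rs_creds.get(rs_id, ""), rs_secret):
            raise PermissionError("introspection caller is not an authenticated resource server")
        now = int(time.time()) if now is None else now
        rec = self._tokens.get(token)
        # Unknown, expired and revoked tokens all get the same minimal answer, so the
        # endpoint does not reveal to a caller why a particular token was rejected.
        if rec is None or rec.revoked or now >= rec.exp:
            return {"active": False}
        return {
            "active": True,
            "scope": rec.scope,
            "client_id": rec.client_id,
            "sub": rec.sub,
            "token_type": "Bearer",
            "iat": rec.iat,
            "exp": rec.exp,
        }


def authorize_request(auth_server: AuthorizationServer, token: str, required_scope: str,
                      rs_id: str, rs_secret: str, now: int | None = None) -> bool:
    """Resource-server side: honour the request only if the token is active and carries the scope."""
    info = auth_server.introspect(token, rs_id, rs_secret, now=now)
    if not info.get("active"):
        return False
    return required_scope in info.get("scope", "").split()


if __name__ == "__main__":
    # Constructed walk-through: login, call the API, log out, call the API again.
    auth = AuthorizationServer({"api-rs": "rs-secret"})
    t0 = 1_700_000_000
    tok = auth.issue("alice", "spa-client", "files.read files.write", "sess-1", now=t0)
    print("before logout:", authorize_request(auth, tok, "files.read", "api-rs", "rs-secret", now=t0 + 10))
    auth.logout("sess-1")
    print("after logout:", authorize_request(auth, tok, "files.read", "api-rs", "rs-secret", now=t0 + 10))
```

The point of the example is the second `authorize_request` call: the token is still well within its lifetime, but because the resource server asks the issuer rather than trusting the token's own expiry, the logged-out session is refused. That is also the cost of the approach, and the reason a home-grown blacklist is easy to get wrong: every resource server has to make the introspection call (or cache the answer only for a short window) on every request, otherwise a self-contained token that validates locally will keep being honoured until it expires.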
Dec 04 2023 09:20 AM