• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Revoking access tokens

Scheduled Pinned Locked Moved
Q&A
jwt token revocation
0
2
1.9k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    dan
    last edited by 7 Dec 2020, 20:44

    Is there a mechanism by which and access_token/id_token can be revoked upon user password change? I'm looking for something similar to how refresh_tokens are revoked when that occurs.

    --
    FusionAuth - Auth for devs, built by devs.
    https://fusionauth.io

    1 Reply Last reply Reply Quote 0
    • D
      dan
      last edited by 7 Dec 2020, 20:45

      No, those tokens are completely de-coupled from FusionAuth (in a fundamental way, that is the point of those tokens).

      There are revocation strategies however, but they require some additional work.

      Here is one strategy we have documented: https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts/

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post