WebAPI with OAuth, revoke token?
Problem description
Hello all, I'm following this article here to implement a WebAPI with individual accounts using the OWIN OAuth.
My question is: is there any way to revoke a token's access to the WebAPI? The "sign out" method really does nothing for me, since I'll be accessing this WebAPI through a phone app. Thanks for any info!
Recommended answer
Revoking tokens is hard - but you can limit their lifetime and refresh them periodically. See here: http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/
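
One way to apply the approach in the answer with the OWIN (Katana) OAuth middleware, as an added example that is not code from the original post or the linked article: access tokens are short-lived, and refresh tokens are stored server-side so a sign-out can delete them. The class and method names, the in-memory store, the `/Token` path and the 10-minute and 14-day lifetimes are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;

// Hypothetical provider: refresh tokens are kept server-side, so deleting one revokes it.
public class RevocableRefreshTokenProvider : IAuthenticationTokenProvider
{
    // Illustration only: in-memory store keyed by SHA-256 of the handle; use a shared database in practice.
    private static readonly ConcurrentDictionary<string, string> Store = new ConcurrentDictionary<string, string>();

    private static string Hash(string value)
    {
        using (var sha = SHA256.Create()) return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(value)));
    }

    public void Create(AuthenticationTokenCreateContext context)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var handle = BitConverter.ToString(bytes).Replace("-", "");
        context.Ticket.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(14); // assumed refresh lifetime
        Store[Hash(handle)] = context.SerializeTicket(); // protected ticket stays on the server
        context.SetToken(handle);                        // the client only receives the random handle
    }

    public void Receive(AuthenticationTokenReceiveContext context)
    {
        // One-time use: the handle is removed when redeemed. A revoked or unknown handle
        // leaves context.Ticket null, so the token endpoint rejects the refresh request.
        string ticket;
        if (Store.TryRemove(Hash(context.Token), out ticket)) context.DeserializeTicket(ticket);
    }

    public Task CreateAsync(AuthenticationTokenCreateContext context) { Create(context); return Task.FromResult(0); }
    public Task ReceiveAsync(AuthenticationTokenReceiveContext context) { Receive(context); return Task.FromResult(0); }
    // Server-side "sign out": the phone app sends the refresh token it holds.
    public static bool Revoke(string handle) { string removed; return Store.TryRemove(Hash(handle), out removed); }
    // Short-lived access tokens bound how long a token issued before Revoke() keeps working.
    public static OAuthAuthorizationServerOptions BuildOptions(OAuthAuthorizationServerProvider provider)
    {
        return new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = provider,
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(10), RefreshTokenProvider = new RevocableRefreshTokenProvider() };
    }
}
```

An access token that was already issued stays valid until it expires; revoking the refresh token only stops the client from obtaining a new one.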