关于不记名令牌的问题 [英] question about bearer token

问题描述

我们使用azure ADAL允许使用azure bearer token登录应用程序

We are  using azure ADAL to allow login to the application using azure bearer token

前端的
adal.js和后端的c＃中的ADAL库API，令牌的有效期是自Azure发布之日起60分钟。

adal.js in the front end and ADAL libraries in c# for the backend API, the validity of the token is 60 min from the time it is issued by Azure.

但是在您从应用程序注销后（我们已经清除了客户端会话缓存），如果您有权访问azure bearer token并且未达到到期时间，则用户将是能够使用持票人令牌直接访问API。

But after you log out from the application (we are already clearing the client session cache), if you had access to the azure bearer token and the expiry time has not reached, the user will be able to use the bearer token to access the API directly.

 

 

我们想知道是否有任何方法可以撤销用户在使用javascript或c＃库从应用程序（Azure）注销后使用的不记名令牌。 

We want to know if there is any way to revoke the bearer token user was using after logging out from the application(Azure) using the javascript or c# libraries. 

 

 

推荐答案

根据我的经验Azure和B2C一旦发布（令牌）就无法通过代码撤销或无效。

From my experience with Azure and B2C once issued it (the token) can't be revoked or invalidated via code.

这篇关于关于不记名令牌的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！