How to revoke oAuth2 access token?

Published

I have a problem where the user still can call the API after logout the application by using POSTMAN. There is no problem with the browser side after logged out since I have removed the access token and clear the cookies. But the user still can call the API and get the results using POSTMAN, which means the back-end doesn’t invalidate the OAuth token. This may cause security issues if the person has the access code. I go through some examples like using refresh token/ shorten the access token lifetime (seems like nothing that I want). Are there any other ways to revoke the oAuth2 access token to prevent user to call the API after they have logout the application?

Source: Angular Questions

Published
Categorized as angular, bearer-token, oauth-2.0, security, spring Tagged , , , ,

Answers

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Still Have Questions?


Our dedicated development team is here for you!

We can help you find answers to your question for as low as 5$.

Contact Us
faq