
How do you invalidate an ASP.Net Web API 2 Bearer token?

I would like to forcibly invalidate a Bearer Token that was issued by the default ApplicationOAuthProvider from the ASP.Net Web API2 project template.

The project has the below code, which doesn't work for Bearer tokens.

Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
Theo asked Nov 17 '13 13:11


1 Answer

There's nothing built in for that - you could build your own mechanism for it which typically involves something like a database check on each request.

The other thing is, keep token lifetime short and use something like refresh tokens - see here: http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/

leastprivilege answered Oct 29 '22 15:10
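
The per-request check described in the answer, sketched as an added example (not code from the answer or from the project template): a bearer provider that rejects any token issued at or before a per-user revocation cutoff. IRevocationStore, InMemoryRevocationStore and RevocationAwareBearerProvider are hypothetical names, the in-memory dictionary stands in for the database, and the token's identity is assumed to carry the user name.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical store: in production this is the database check made on each request.
public interface IRevocationStore
{
    void RevokeAllTokens(string userName, DateTimeOffset asOf);
    DateTimeOffset? GetRevokedBefore(string userName);
}

// In-memory stand-in for a table of (UserName, RevokedBeforeUtc).
public class InMemoryRevocationStore : IRevocationStore
{
    private readonly ConcurrentDictionary<string, DateTimeOffset> _cutoffs =
        new ConcurrentDictionary<string, DateTimeOffset>(StringComparer.OrdinalIgnoreCase);

    public void RevokeAllTokens(string userName, DateTimeOffset asOf)
    {
        _cutoffs[userName] = asOf;
    }

    public DateTimeOffset? GetRevokedBefore(string userName)
    {
        DateTimeOffset cutoff;
        return _cutoffs.TryGetValue(userName, out cutoff) ? cutoff : (DateTimeOffset?)null;
    }
}

// Runs for every request that presents a bearer token.
public class RevocationAwareBearerProvider : OAuthBearerAuthenticationProvider
{
    private readonly IRevocationStore _store;

    public RevocationAwareBearerProvider(IRevocationStore store) { _store = store; }

    public override Task ValidateIdentity(OAuthValidateIdentityContext context)
    {
        // Assumption: Identity.Name is the user name the token was issued for.
        var issued = context.Ticket.Properties.IssuedUtc;
        var cutoff = _store.GetRevokedBefore(context.Ticket.Identity.Name);
        // Fail closed: a ticket without an issue time cannot be compared to the cutoff.
        if (!issued.HasValue || (cutoff.HasValue && issued.Value <= cutoff.Value))
        {
            context.Rejected();
            return Task.FromResult<object>(null);
        }
        return base.ValidateIdentity(context);
    }
}
```

The provider is set through OAuthBearerAuthenticationOptions.Provider; calling RevokeAllTokens(userName, DateTimeOffset.UtcNow) then invalidates every token that user already holds. With short access-token lifetimes, as the answer suggests, the cutoff rows only need to be kept until the longest-lived token issued before them has expired.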