Last post Feb 14, 2017 06:25 AM by Chris Zhao
Feb 13, 2017 08:54 AM|Ken.N|LINK
I secure Web API follow : " http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
When user A login , access token "Access-A" and refresh token "Refresh-A" is isssued . When i send Refresh Token "Refresh-A" to AuthorizationServer , i want to access token "Access-A" expired,and get new access token "NewAccess-A" and new Refresh Token "NewRefresh-A"
I want to force access token timeout when i send refresh token to Authorization Server .
Feb 14, 2017 06:25 AM|Chris Zhao|LINK
You need custom user session implementation for Web API token, create a new database table to hold the user sessions, signout and delete the user session from DB.