Invalidate Bearer token

Hi, I’m using a simple SPA app, and for the login process, I’m using Universal Login.

So, once a user is logged in, we can include a bearer token in API calls to the BE application.
I’ve faced the case where, when a user is logged out, we can still take a bearer token and use it with the BE application.
Is there a possibility to check the bearer token after the user has logged out?

Thanks in advance!

Hello @l1750sqqs, Welcome to the Auth0 Community.

The Access Token expiration is not linked with the user session management.
I recommend reading this article for a better understanding of token storage:

Regards,
Sid


Let us know if you have any other questions down the road!

Hi, thanks for the answer,
I’ve read the article that @sidharth.chaudhary shared with me,
and I’m actually looking for, let’s say:
set the Bearer token lifetime to 5 min,
then on the client side implement a check that, depending on the bearer token lifetime, either generates a new one by using the getAccessTokenSilently method (from the Auth0 React SDK) or returns access denied to the user

Thanks

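The client-side check described in the last post, as an added example that is not part of the original thread or of the Auth0 SDK. It assumes the access token is a JWT carrying an `exp` claim; `tokenForApiCall`, `renew`, `SKEW_SECONDS` and the sample tokens are hypothetical names and constructed values, and in the React app `renew` would wrap `getAccessTokenSilently`.

```javascript
// Assumed value: renew slightly before expiry to absorb clock drift.
const SKEW_SECONDS = 30;

// Read the `exp` claim (seconds since epoch) from a JWT without verifying it.
// Returns null for anything that is not a three-part JWT with a numeric exp.
function readExp(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const json = atob(parts[1].replace(/-/g, "+").replace(/_/g, "/"));
    const exp = JSON.parse(json).exp;
    return Number.isFinite(exp) ? exp : null;
  } catch {
    return null;
  }
}

// A token is usable only if it is still valid after the skew margin.
function isFresh(token, nowSeconds) {
  const exp = readExp(token);
  return exp !== null && exp - SKEW_SECONDS > nowSeconds;
}

// Return the cached token while it is fresh, otherwise try one renewal.
// `renew` is a hypothetical async callback that resolves to a new token.
async function tokenForApiCall(cached, renew, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (cached && isFresh(cached, nowSeconds)) return { ok: true, token: cached };
  try {
    const fresh = await renew();
    if (isFresh(fresh, nowSeconds)) return { ok: true, token: fresh };
  } catch {
    // Renewal failed or was rejected: fall through to access denied.
  }
  return { ok: false, token: null };
}

// Constructed sample input: a JWT-shaped string with a dummy signature.
function makeSampleToken(expSeconds) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc({ sub: "user-1", exp: expSeconds })}.constructed-signature`;
}
```

This check only decides when the SPA asks for a new token. The BE application still has to reject expired tokens itself by validating the signature and `exp` on every request, which is what makes a 5-minute lifetime bound how long a token stays usable after logout.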