I have an Azure AD enterprise connection to authenticate my app.
The login process is working great (the user can click on “login with azure ad” and everything is fine; I get the refresh token and keep it for next time).
My question is about when the user is signed out from Azure AD.
My expected behavior is that if a user has signed out from Azure AD, he will be required to re-login to my app.
But when I tried it (I signed out from Azure AD), I was still able to use the refresh token and get valid tokens for my app.
How can I achieve the desired behavior?
Hi @hagai.shahar10 ,
Welcome to the Auth0 Community!
This article talks about how to update the lifetime of the access token. If you update it to a small number of seconds, then after users log out, the token will expire, and they will need to re-login to the app.
Hope it helps!
Hey Iihua, thank you for your reply.
We have to use a refresh token with a long expiration time (about half a year long). Our native app stores that refresh token and uses it to generate new access tokens (with short expiration times).
When the user is logged out or deleted from the 3rd party connection (Azure AD for example), how can we automatically detect & revoke the refresh token?