Refresh token revocation

lihua.zhang · February 17, 2023, 12:13am

Problem statement

How to invalidate a user session on Auth0 native apps after a password reset on the web app by revoking refresh tokens with the Management API so the user is logged out.

Solution

Follow the steps below to remove the offline_access grant for the user.

Call GET /api/v2/grants?user_id=<user_id>
Call DELETE /api/v2/grants/{id?} with the chosen grant id.

Note: Deleting a grant will automatically delete a device credential as well. This approach deletes the user’s consent together with the Refresh Token.

Topic		Replies	Views
Suggested way for mass deleting refresh tokens Get Help	5	4046	March 27, 2018
Unable to revoke refresh tokens Get Help auth0 , refresh-tokens	2	2169	December 21, 2022
Revoke Access token programatically Get Help refresh-tokens , refresh_token	8	11251	September 22, 2020
How do we invalidate the refresh token for a user, whenever the user changes their password. Get Help token , auth0-users , change-password , users	6	11967	March 2, 2018
Invalidate Refresh token after "Change Password" Get Help auth0 , change-password , users , react-native , react	4	11167	April 17, 2020

Refresh token revocation

Problem statement

Solution

Related topics