Problem statement
How to invalidate a user's session in Auth0 native apps after a password reset in the web app, by revoking the refresh tokens with the Management API so that the user is logged out.
Solution
Follow the steps below to remove the offline_access grant for the user.
- Call GET /api/v2/grants?user_id=<user_id>
- Call DELETE /api/v2/grants/{id?} with the chosen grant id.
Note: Deleting a grant will automatically delete a device credential as well. This approach deletes the user’s consent together with the Refresh Token.
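The two calls above, scripted as an added example (not Auth0's own code): it lists the user's grants and deletes those carrying offline_access. The grant field names (id, user_id, scope), the tenant domain placeholder and the `http` transport hook are assumptions made for this sketch.

```python
import json
import urllib.parse
import urllib.request


def _http(method, url, token):
    """Send one Management API request; return parsed JSON, or None if the body is empty."""
    req = urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def _scopes(grant):
    """Return the grant's scopes as a set (accepts a list or a space-separated string)."""
    scope = grant.get("scope") or []
    return set(scope.split() if isinstance(scope, str) else scope)


def revoke_user_grants(domain, token, user_id, scope="offline_access", http=_http):
    """Delete every grant of user_id that carries `scope`; return the deleted grant ids.

    domain -- tenant domain (placeholder, e.g. "tenant.example.com")
    token  -- Management API access token allowed to read and delete grants
    http   -- transport hook (hypothetical, lets the function be exercised offline)
    """
    base = f"https://{domain}/api/v2/grants"
    # user_id values usually contain "|" (e.g. "auth0|abc"), so URL-encode the query.
    query = urllib.parse.urlencode({"user_id": user_id})
    grants = http("GET", f"{base}?{query}", token) or []

    deleted = []
    for grant in grants:
        # Defensive check: only touch grants that really belong to this user.
        if grant.get("user_id") != user_id or scope not in _scopes(grant):
            continue
        grant_id = urllib.parse.quote(str(grant["id"]), safe="")
        http("DELETE", f"{base}/{grant_id}", token)
        deleted.append(grant["id"])
    return deleted
```

An empty return list means no grant with offline_access was found for that user, so nothing was revoked.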