Warm tip: This article is reproduced from serverfault.com, please click
azure azure-active-directory azure-ad-b2c oauth-2.0

How to validate the user id token after user password changes in AD B2C

发布于 2020-11-16 08:17:50

I am creating a user in AD B2C local account and able to generate the user id token for the created user with https://login.microsoftonline.com/{{My_Domain_Name}}.onmicrosoft.com/oauth2/token/ and I am using this token to Get the User profile https://graph.windows.net/{{My_Domain_Name}}.onmicrosoft.com/users/{{USER_ID}}?api-version=1.6. Now if I change the user's password and keep the old user id token I am still able to access the user profile , is there a way to restrict the Get User with the old token ?

Questioner
coder89
Viewed
0
分享
Allen Wu 2020-12-01 14:49:32

Move comments to answers for more people's reference.

Firstly, you are using access token to access the user profile. Access token cannot be revoked. But you could revoke the refresh token, then user will lose access to AAD when the old access token expires. The default expiration is 1 hour.

See reference here.

So you cannot restrict the Get User with the old token immediately, after you took the above steps:

For applications using access tokens, the user loses access when the access token expires.

热门帖子

1
Android 开发方向:传统 View 开发 or 拥抱 Jetpack Compose
2
浙江 ISP 会屏蔽 Wireguard UDP 端口
3
高级 Java 岗位一定需要有管理经验吗
4
兄弟们,老是倒在大厂二面的怎么办?
5
最近很多小伙伴弄港卡,分享一下个人开卡经历
6
vercel 免费版 3 个指标都超了,好像我的网站已经获得了基础流量。还好套了 cloudflare 不然流量也超了。
7
最近换了真我手机,发现这系统连应用的数据都无法备份
8
MacBook Pro 决赛圈
9
连下厨房也要放弃网页版了
10
杭州岗位太少了

热门github

1
A multi-platform library for OpenGL, OpenGL ES, Vulkan, window and input
2
Dev tool that writes scalable apps from scratch while the developer oversees the implementation
3
shadcn/ui, but for Svelte. ✨
4
The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.
5
Performance-portable, length-agnostic SIMD with runtime dispatch
6
ZK Credo
7
OpenCodeInterpreter: Integrating Code Generation with Execution and Refinement
8
Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.
9
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.
10
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
11
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
12
🎓 Path to a free self-taught education in Computer Science!
13
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
14
A collective list of free APIs
15
📚 Freely available programming books