Revoking Admin/User tokens
Referring to the REST API reference below, the admin token generated using the REST API seems valid forever. Is there any way to revoke/invalidate the token once generated?
Also if multiple tokens are generated, all of them seem to be valid. Should the latest token invalidate the ones generated earlier?
All Pyramid tokens contain an expiration mechanism; enterprise admins can choose the timeout for the tokens in the admin panel under access -> Extended Security. In addition, there is also a revoke mechanism inside the Pyramid UI: when editing a specific user, the admin can select to revoke the user's sessions from all devices. This will cause all previously generated tokens for the user to expire.
As for multiple tokens, multiple tokens can be generated for the same user. This is part of the design and is needed as part of the application's other features.