Revoking Admin/User tokens

Referring to the below REST API reference, the admin token generated using the REST API seems valid forever. Is there any way to revoke/invalidate the token once generated?

Also if multiple tokens are generated, all of them seem to be valid. Should the latest token invalidate the ones generated earlier?



1 reply

    • Matan_Dror
    • 10 mths ago
    • Official response

    All Pyramid tokens contain an expiration mechanism; enterprise admins can choose the timeout for the tokens in the admin panel under access -> Extended Security. In addition, there is also a revoke mechanism inside the Pyramid UI: when editing a specific user, the admin can select to revoke the user sessions from all devices; this will cause all previously generated tokens for the user to expire.

    As for multiple tokens, multiple tokens can be generated for the same user; this is part of the design and is needed as part of the application's other features.
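
The token semantics described in the reply above (a configurable timeout, several concurrent tokens per user, and a per-user "revoke all sessions" action), modelled as an added example that is not part of the original thread and is not Pyramid's code or API. `TokenStore`, its methods, and the per-user generation counter are hypothetical names and one possible design, chosen so that a single revoke invalidates every earlier token without enumerating them.

```python
import secrets
import time


class TokenStore:
    """Hypothetical model: opaque tokens with a TTL and per-user revocation."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds      # stands in for the admin-configured timeout
        self.clock = clock          # injectable so expiry can be tested offline
        self._tokens = {}           # token -> (user, issued_at, generation)
        self._generation = {}       # user -> current session generation

    def issue(self, user):
        # Each call mints an independent token; older ones stay valid.
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, self.clock(), self._generation.get(user, 0))
        return token

    def revoke_all(self, user):
        # Bumping the generation invalidates every token issued before now.
        self._generation[user] = self._generation.get(user, 0) + 1

    def validate(self, token):
        record = self._tokens.get(token)
        if record is None:
            return None                                  # unknown token
        user, issued_at, generation = record
        if self.clock() - issued_at >= self.ttl:
            return None                                  # timed out
        if generation != self._generation.get(user, 0):
            return None                                  # revoked for this user
        return user


def demo():
    now = [0.0]                                          # constructed fake clock
    store = TokenStore(ttl_seconds=3600, clock=lambda: now[0])
    t1, t2 = store.issue("admin"), store.issue("admin")  # constructed users
    other = store.issue("analyst")
    both_valid = store.validate(t1) == store.validate(t2) == "admin"
    store.revoke_all("admin")                            # only "admin" affected
    t3 = store.issue("admin")                            # issued after the revoke
    after_revoke = [store.validate(t) for t in (t1, t2, t3, other)]
    now[0] += 3600                                       # reach the timeout
    after_expiry = [store.validate(t) for t in (t3, other)]
    return both_valid, after_revoke, after_expiry
```
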
