token revocation endpoint
I can't find that token revocation endpoint from B2C documentations.
If not implemented token revocation endpoint, I need it for protect customer from malicious attacker.
Oleg Baev commented
How this thread is monitored by Microsoft? Is there any roadmap in this regard?
Arnaud THOREL commented
The logout feature only provide "clear session" mecanism but doesn't revoke the tokens.
The only way actually to do this, is using the administrator graphAPI and revoke all the tokens for a user.
This solution is not acceptable as a user can be connected on multiple devices.