问题描述
我正在尝试在iOS应用中使用。我还希望有一个注销按钮,以便在需要时用户可以选择从应用程序注销。我认为最好的方法是撤销刷新令牌(访问令牌是短暂的并且不能被撤销),理想情况下,它也应该撤销令牌并在服务器端进行清理。
I am trying to use ADALiOS in an iOS app. I also want to have a logout button so that, if needed, the user can elect to logout from the app. The best way, I think, would be to revoke the refresh token (the access token is short-lived and can't be revoked), which ideally should also revoke the token and do clean up on the server-side.
我尝试了Azure AD文档,在源代码中进行了搜索(并且通常在其他位置进行了搜索),但是在ADAL中找不到刷新令牌撤销的任何内容。
I tried Azure AD docs, searched in the source code (and in general searched elsewhere), but couldn't find any mention of refresh token revocation in ADAL.
可以在ADAL中吊销刷新令牌吗?退出用户的最佳方法是什么?
Can a refresh token be revoked in ADAL? What is the best way to log a user out?
推荐答案
是。来自:
我还记得维托里奥在他的博客文章中提到过(),但ADAL 3甚至没有返回刷新令牌。我猜一般的建议是不要对应用程序中的刷新令牌有任何依赖性。
Also I remember Vittorio mentioning in his blog post (ADAL 3 didn’t return refresh tokens for ~5 months… and nobody noticed) that ADAL 3 doesn't even return refresh tokens. I guess the general recommendation is not to take any dependency on refresh tokens in your application.
关于注销用户,请参见以下线程:,尽管此线程是适用于Windows Phone应用。
Regarding logging out the user, please see this thread: ADAL: W8.1 app trying to log user out, though this thread is for Windows Phone app.
这篇关于可以从客户端吊销Azure AD ADAL(ios)刷新令牌吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!