gstackoverflow gstackoverflow - 8 days ago 5
Java Question

How to revoke auth token in spring security?

In logout controller I tryed to write a lot of combination of code. Now I have this:

final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null)
{
new SecurityContextLogoutHandler().logout(request, response, auth);
}
SecurityContextHolder.getContext().setAuthentication(null);
auth.setAuthenticated(false);


But after it this token is valid.

What Do I wrong?

What new can I to try ?

Answer

I'm little late here, but anyway... The class you're looking for is DefaultServices, method revokeToken(String tokenValue).

Here an exemple of a controller that revokes token, and here the oauth2 configuration with the DefaultServices bean.

Comments