I have searched the documentation and I can't find how, or whether, it is possible to revoke a refresh token in ADFS 4 (ADFS 2016).
I'm worried about what may happen if a malicious user steals a refresh token that has an expiry time of 1 year, for example.
Change the AD password for the user the refresh token was issued to, or disable the account. These two would invalidate use of the refresh token to issue any new token. I don't believe ADFS 4 has a PowerShell or API otherwise to explicitly revoke a token.