How to Invalidate Tokens on User Inactivity Without Issuing a New One?

Hi Losant team,

I’m working on an authentication flow where a token is issued upon user login and is valid for 24 hours. This part works fine. However, I’m running into a challenge regarding user inactivity.

My Use Case:
I want to implement a mechanism where, if a user is inactive for a long period (e.g., 8 hours), their token is invalidated - even though it hasn’t technically expired yet. The goal is to force re-authentication based on inactivity, not just total token lifespan.

What I’m Trying to Figure Out:
Is there a way to explicitly revoke or invalidate a previously issued token without generating a new one?

Hi @Jayanth_Guntuku, and welcome to the Losant Forums! To answer your question …

Is there a way to explicitly revoke or invalidate a previously issued token without generating a new one?

There is - using the User: Update Node and checking the “Invalidate tokens” option.

As for your use case of expiring tokens for idle users, there are a number of ways you could accomplish that, but it sounds like you have an idea of how to approach that already. Let us know if you have any other questions!

Thank You @Dylan_Schuster. It worked :slight_smile: