Hi Losant team,
I’m working on an authentication flow where a token is issued upon user login and is valid for 24 hours. This part works fine. However, I’m running into a challenge regarding user inactivity.
My Use Case:
I want to implement a mechanism where, if a user is inactive for a long period (e.g., 8 hours), their token is invalidated - even though it hasn’t technically expired yet. The goal is to force re-authentication based on inactivity, not just total token lifespan.
What I’m Trying to Figure Out:
Is there a way to explicitly revoke or invalidate a previously issued token without generating a new one?