How to Invalidate Tokens on User Inactivity Without Issuing a New One?

Jayanth_Guntuku · June 23, 2025, 11:20am

Hi Losant team,

I’m working on an authentication flow where a token is issued upon user login and is valid for 24 hours. This part works fine. However, I’m running into a challenge regarding user inactivity.

My Use Case:
I want to implement a mechanism where, if a user is inactive for a long period (e.g., 8 hours), their token is invalidated - even though it hasn’t technically expired yet. The goal is to force re-authentication based on inactivity, not just total token lifespan.

What I’m Trying to Figure Out:
Is there a way to explicitly revoke or invalidate a previously issued token without generating a new one?

Dylan_Schuster · June 23, 2025, 12:30pm

Hi @Jayanth_Guntuku, and welcome to the Losant Forums! To answer your question …

Is there a way to explicitly revoke or invalidate a previously issued token without generating a new one?

There is - using the User: Update Node and checking the “Invalidate tokens” option.

As for your use case of expiring tokens for idle users, there are a number of ways you could accomplish that, but it sounds like you have an idea of how to approach that already. Let us know if you have any other questions!

Jayanth_Guntuku · June 23, 2025, 5:57pm

Thank You @Dylan_Schuster. It worked

Topic		Replies	Views
Does obtaining an authentication token invalidate previous tokens? Help rest-api	2	653	August 31, 2019
Recommended authentication flow Help	12	2355	July 14, 2016
Invalidate any previously existing authentication tokens Help experience , dashboard	2	606	June 18, 2019
Experience User tokens - Autentication Help experience	2	876	May 27, 2020
JWT token for password reset Help experience	18	757	August 18, 2021

How to Invalidate Tokens on User Inactivity Without Issuing a New One?

Related topics