Auth0 Docs home page
Search...
⌘K
Ask AI
Log In
Contact Sales
Sign Up
Sign Up
Search...
Navigation
Tokens
Revoke Tokens
Documentation
Quickstarts
API Reference
SDKs
Secure
Make sure only the right people can access your applications
Secure
Protect Your Application
Application Credentials
Attack Protection
Continuous Session Protection
Highly Regulated Identity
Auth0’s Mobile Driver's License Verification Service
Multi-Factor Authentication
Security Center
Security Guidance
Sender Constraining
Tokens
Overview
JSON Web Tokens
ID Tokens
Access Tokens
Delegation Tokens
Refresh Tokens
Revoke Tokens
Manage Refresh Tokens with Auth0 Management API
Token Best Practices
Token Vault
Protect Your Tenant
Tenant Access Control List
Compliance
Data Privacy and Compliance
On this page
Learn more
Protect Your Application
Tokens
Revoke Tokens
Copy page
Copy page
Once issued,
access tokens
and
ID tokens
cannot be revoked in the same way as cookies with session IDs for server-side sessions.
As a result, tokens should be issued for relatively short periods, and then
refreshed
periodically if the user remains active.
Learn more
Revoke Refresh Tokens
Token Best Practices
Was this page helpful?
Yes
No
Configure and Implement Multi-Resource Refresh Token
Previous
Manage Refresh Tokens with Auth0 Management API
Next
Assistant
Responses are generated using AI and may contain mistakes.
