I had to delete over 90 users in my web api. I am using web api 2 individual account. But after deleting this users, they still can use my web-api, because access token are cached somewhere. How to prevent that?
because tokens are stored on the client and not on the server, u can't manually invalid token.
but i found three solutions:
1'st - Just wait until tokens expire (14 days, it was too long for me)
2'nd - changing the date on the server, when i add'ed 14 days to server date, All tokens expired (but on production server this was unacceptable)
3'rd - Changing machine key on server.