pingfederate

Invalidating OpenToken in Ping Federate


Question: is there any way to invalidate an OpenToken? Problem: I have an OpenToken associated with a user session in PF. Now the user initiated the SLO process (before the OpenToken expired), and the session associated with PF and the application will be removed, but the OpenToken is still valid for some time. Now I'm using the OpenToken to access the REST API (copy and paste the OpenToken for authentication) content successfully. The APIs are working based on the 'notOnOrAfter' attribute in the OpenToken.

Expect: Any way to invalidate the OpenToken, meaning how to identify that the OpenToken session in PF has been removed, or whether any new attribute can be added to the OpenToken to identify whether the token session has been removed or not?


Solution

  • This is why the OpenToken should NOT be used for the session. Basically, the OpenToken should be used for a short term authentication period (e.g., 3-5 minutes), from which the application builds its OWN session token. Once PingFederate generates an OpenToken, it remains valid for the period defined.
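The pattern the answer describes, as an added example that is not part of the original answer or of any Ping product: the application accepts an OpenToken only for a few minutes after its not-before, mints its own server-side session, and revokes that session in its SLO handler, so the OpenToken staying valid until notOnOrAfter no longer matters. The attribute map and its key names ("subject", "not-before", "not-on-or-after"), the `ACCEPT_WINDOW` value and the `AppSessionStore` class are assumptions for illustration, and the attributes in `demo()` are a constructed sample.

```python
import secrets
from datetime import datetime, timedelta, timezone

# Accept an OpenToken for exchange only briefly after not-before (the 3-5 minute
# window the answer recommends); the app session that replaces it lives longer.
ACCEPT_WINDOW = timedelta(minutes=5)
APP_SESSION_TTL = timedelta(hours=8)

class AppSessionStore:
    def __init__(self):
        self.sessions = {}  # server-side: session id -> {"subject", "expires"}

    def exchange(self, attrs, now):
        # attrs: attribute map the OpenToken agent returns after decryption; the
        # key names "subject", "not-before", "not-on-or-after" are assumed here.
        nb = datetime.fromisoformat(attrs["not-before"])
        noa = datetime.fromisoformat(attrs["not-on-or-after"])
        if not nb <= now < noa:
            raise ValueError("outside not-before / not-on-or-after")
        if now - nb > ACCEPT_WINDOW:
            raise ValueError("token too old to exchange for an app session")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"subject": attrs["subject"], "expires": now + APP_SESSION_TTL}
        return sid

    def is_valid(self, sid, now):
        s = self.sessions.get(sid)
        return s is not None and now < s["expires"]

    def logout_subject(self, subject):
        # SLO handler: revoke app sessions; the OpenToken stays valid until notOnOrAfter
        self.sessions = {k: v for k, v in self.sessions.items() if v["subject"] != subject}

def demo():
    # Returns (valid before SLO, valid after SLO, stale OpenToken rejected).
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    attrs = {"subject": "alice",  # constructed sample, not a real OpenToken
             "not-before": (now - timedelta(minutes=1)).isoformat(),
             "not-on-or-after": (now + timedelta(minutes=29)).isoformat()}
    store = AppSessionStore()
    sid = store.exchange(attrs, now)
    before = store.is_valid(sid, now)
    try:  # same OpenToken 10 minutes later: inside notOnOrAfter, past ACCEPT_WINDOW
        store.exchange(attrs, now + timedelta(minutes=10))
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    store.logout_subject("alice")
    return before, store.is_valid(sid, now + timedelta(minutes=10)), stale_rejected
```

A copied OpenToken presented after the short exchange window is refused even though its notOnOrAfter has not passed, and SLO clears the app session that the token was traded for.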