I want to invalidate the bearer token in Asp.net-Identity. I tried to call the UpdateSecurityStampAsync(userId) and I can se that my user's security stamp get updated. But the old tokens are still valid. Does that only invalidate cookie authentication?
Is it possible to solve it in another way?
Out of the box it is't possible to invalidate tokens, because they are generated by the server's machinekey.