Invalidate auth token?

Is there a way to invalidate a user's auth token when they log out of your application?

What about revoking all active tokens for a user?

And for how long is the token received on login valid?

Working with APIs

2 replies