Web API 2, OWIN Authentication, SignOut doesn’t logout

Since OAuth is not an authentication protocol, there is no notion of signout. Delete the access token on the client – that’s all you can do.

If you want to invalidate the token on the server side, add a unique id to it and keep track in your service – you would need to manually build something like that.

Leave a Comment