How to invalidate the sso access token after log in (logout from AWS)?

0

Hi, I have a C# .NET Core application (target framework: .NET 6.0) written based on the instructions given in the tutorials below. I am using AWS IAM Identity Center (SSO authentication, SSOAWSCredentials) to authenticate to AWS. I could successfully log in, but I couldn't find a way to clear/invalidate the token (in other words, log out from AWS). I noticed a session token is stored in the local file system (in {UserProfile}.aws\sso\cache), and if I delete that manually then I need to authenticate again. But is there a way to officially invalidate the token?

Single sign-on (SSO) with the AWS SDK for .NET - https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/sso.html

1 Answer
1
Accepted Answer

This is how you log out: https://docs.aws.amazon.com/singlesignon/latest/PortalAPIReference/API_Logout.html

As the note says, you cannot log out from assumed roles. If you must terminate assumed role sessions before they expire, the way to do this is to edit the attached policy and force everyone to reauthenticate. I don't think this is what you want to do, but I wanted to add the reference for completeness.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html

EXPERT
Kallu
answered 4 months ago
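
The Logout call referenced in the answer, as an added example that is not part of the original answer: it sends each cached access token to the portal Logout API and then deletes the local cache file. It assumes the AWSSDK.SSO NuGet package and that token files in the cache directory are JSON objects with `accessToken` and `region` fields.

```csharp
// Added example (.NET 6 top-level program), not code from the original thread.
// Assumption: cache files are JSON objects with "accessToken" and "region" string fields.
using System.Text.Json;
using Amazon;
using Amazon.Runtime;
using Amazon.SSO;
using Amazon.SSO.Model;

var cacheDir = Path.Combine(
    Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".aws", "sso", "cache");
if (!Directory.Exists(cacheDir)) { Console.WriteLine("No SSO cache found."); return; }

foreach (var file in Directory.EnumerateFiles(cacheDir, "*.json"))
{
    string? token = null, region = null;
    try
    {
        using var doc = JsonDocument.Parse(await File.ReadAllTextAsync(file));
        var root = doc.RootElement;
        if (root.ValueKind == JsonValueKind.Object
            && root.TryGetProperty("accessToken", out var t) && t.ValueKind == JsonValueKind.String
            && root.TryGetProperty("region", out var r) && r.ValueKind == JsonValueKind.String)
        {
            token = t.GetString();
            region = r.GetString();
        }
    }
    catch (JsonException) { continue; } // not a readable cache entry; skip it

    // Files without an access token (e.g. client registrations) are left untouched.
    if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(region)) continue;

    // The portal API is authorized by the bearer token itself, so no signing credentials are needed.
    using var sso = new AmazonSSOClient(
        new AnonymousAWSCredentials(), RegionEndpoint.GetBySystemName(region));
    try
    {
        await sso.LogoutAsync(new LogoutRequest { AccessToken = token });
        Console.WriteLine($"Logged out: {Path.GetFileName(file)}");
    }
    catch (UnauthorizedException)
    {
        // The service no longer accepts this token (expired or already invalidated).
        Console.WriteLine($"Token already invalid: {Path.GetFileName(file)}");
    }
    File.Delete(file); // remove the local copy so it cannot be picked up again
}
```

Role credentials that were already issued from the token keep working until they expire, which is the limitation the answer points out.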
