Auth0 API | Blacklists › Tokens › Get Blacklisted Tokens

Blacklists

blacklists

Blacklists

Tokens

blacklists.tokens

Methods

Blacklist A Token ->

post/blacklists/tokens

Add the token identified by the jti to a blacklist for the tenant.

Get Blacklisted Tokens -> Array<

Token

get/blacklists/tokens

Retrieve the jti and aud of all tokens that are blacklisted.

Note: The JWT specification states that the jti field can be used to prevent replay attacks. Though Auth0 tokens do not include a jti, you can nevertheless blacklist a jti to prevent a token being used more than a predetermined number of times. This behavior is similar to implementing a nonce (where the token's signature can be thought of as the nonce). If a token gets stolen, it (or the tokens issued after it) should be blacklisted and let expire.

Security

Example: Authorization: Bearer My Bearer Token

Parameters

aud: string

Optional

Optional filter on the JWT's aud claim (the client_id to which the JWT was issued).

Request example

curl https://login0.local.dev.auth0.com/api/v2/blacklists/tokens \
    -H "Authorization: Bearer $BEARER_TOKEN"

200Example

[
  {
    "jti": "x",
    "aud": "aud"
  }
]

Domain types

Token = { jti, aud }