Forced logout from server code ??

Hi -

Is there any way to forcefully logout a user - from server code (backend API) ?

The use case is that either on customer request (or on automatic detection of suspicious activity) - I want to lock user account for say 24 hrs - I am tracking user status myself - to not allow logins - but how to invalidate any existing login ??


You can force user logout in two ways:
IF the multiple logins option in turned OFF, you can invalidate previous user session by logging in him.
Otherwise, you have to persist all user tokens for active sessions and invalidate them by calling logout.