Patent attributes
Handling access token invalidation is provided. In response to receiving a valid login from a user requesting access to a service, a new access token is issued to the user with a claim containing a container identifier. A first cache corresponding to access tokens issued to the user is searched. In response to identifying a previously issued access token corresponding to the user in the first cache, the previously issued access token is added to a second cache corresponding to stale tokens. The new access token is added to the first cache. In response to receiving the new access token as an identity of the user to access the service, the new access token is validated when the new access token is not identified in the second cache of stale tokens and the container identifier contained in the claim matches an identifier corresponding to a running container of the service.