Fix auth logic
youngbryanyu opened this issue · 0 comments
youngbryanyu commented
- don't pass the userId in the HTTP request headers. Get the user id from the refresh tokens when verifying and refreshing.
- logout should require an access token
youngbryanyu opened this issue · 0 comments