[SECURITY] Add method that revokes all access tokens used for the current app
Opened this issue · 0 comments
jalyna commented
When a user logs out it is a best practice to also revoke all access tokens that hold a refresh token to enhance security. This allows the user to take some action in case of a security issue.
In case there are multiple clients (e.g. a mobile app) those access tokens should not be deleted.