[SECURITY] Add method that revokes all access tokens used for the current app

Question

[SECURITY] Add method that revokes all access tokens used for the current app

Opened this issue 2 years ago · 0 comments

When a user logs out it is a best practice to also revoke all access tokens that hold a refresh token to enhance security. This allows the user to take some action in case of a security issue.

In case there are multiple clients (e.g. a mobile app) those access tokens should not be deleted.