Feature: Ability to revoke access token at logout
Description: During a PEN test on our SPA which is written in angularjs it was highlighted that after a user logs out the access token is still valid and usable. For this purpose we would like to be able to revoke the access token at logout.
Use-case: Our SPA needs to be ISO 27001 compliant so we have to address this open point. Ideally we would need it both in angularjs and in angular 2 . Our use case prevents us from using short lived tokens as each section of the website is a separate website that shares the tokens.