Hi @plnic
Logging out destroys the session, but not access tokens.
Access tokens cannot be revoked. They are self-contained, enabling verification by the backend without contacting Auth0 (except to get the signature verification keys which don’t change very often and should be cached). Thus there is no way to revoke them.
Make your access tokens shortlived because of this.
John