Perhaps I’m missing something in my understanding of how this all works, so please bear with me.
We have both a front-end and a back-end app for authenticating our user accounts. The front-end app can log in and log out without any issue, and it works perfectly. When I log out the user from my front-end app, the access_token is still validated (and it is never destroyed on Auth0). I can still use that access_token to make a request to my back-end/API because the expiration date has not yet passed. I have been reading so many articles about how to deal with it. Is there a better way to revoke the access_token from Auth0, or any control that I can use for it? I need my users to be logged in to their computer or device without logging out within 3 days. Do not suggest that I change the session to 3 mins or something like that. I need a better way to keep users logged in, and when they log out, my back-end can know that the access_token is invalidated.
Thank you for any helpful tips.