The user will use credentials to login into the application and Auth0 will assign a token to the user to interact with my application. As it is known, token will expire after some days.
Here application will take to login page once the user clicks on the logout button from the application. But the Auth0 tokens are still valid at server side, here the point is if an attacker or shared computer user can log in into the application without entering the credentials.
Now, how can I prevent this? So that application should ask for credentials when a user logouts from the application, also the previous tokens should be declined if it is reused.