Hi. I now that auth0 API has method to revoke a refresh token:
And it also revokes all other refresh tokens for that user and that application.
But let’s consider an example:
I have an API that I want to protect with auth0 service. And I have 3 different client application types:
IOS application, Android application and Single page web application all of them are first-party. They developed by the same organisation as the API and they prompt users to enter their credentials (username/password).
All of them are registered as 3 distinct applications in the auth0 dashboard and have different application types and client ids.
And now I want to add a button that most often called “log out from all devices”. It revokes all refresh token on IOS applications, Android applications and Single page web applications. But the revoke token method that I mentioned will revoke only tokens that belong to the current app. So it means if user presses this button from the IOS application only IOS tokens will be revoked and android and web tokens will keep working.
I want this button to log out all first-party applications(all devises where user is logged in).
How can I achieve the desired behaviour?