I’m using Electron.js with Auth0 for the login process. When the user clicks the login button, I create the login URL and open it in his web browser. After he logs in, the browser then reroutes to the app.
Now, when a user selects logout, the refresh token that was previously saved in Keytar is deleted. However, it is not removed from the browser session or storage. Due to this, the browser gets redirected when a user clicks the login button a second time because the browser already has the user’s credentials, and the browser then redirects back to the app. It is not a true logout, therefore.
I attempted to revoke the refresh token, but the API responded with 200 OK, allowing me to continue using the refresh token.
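The logout described above only clears the local token, while the Auth0 session cookie lives in the system browser. The sketch below is an added example, not code from the original post: it revokes the refresh token at Auth0's `/oauth/revoke` endpoint, deletes the local copy, and then opens Auth0's `/v2/logout` endpoint in the browser so the session there ends too. The function names, the injected `deps` object and the sample values are assumptions.

```javascript
// Added example. Helper names and the deps object are hypothetical;
// /oauth/revoke and /v2/logout are Auth0's documented endpoints.
function buildLogoutUrl({ domain, clientId, returnTo }) {
  const url = new URL(`https://${domain}/v2/logout`);
  url.searchParams.set('client_id', clientId);
  // returnTo must be listed in the application's Allowed Logout URLs.
  if (returnTo) url.searchParams.set('returnTo', returnTo);
  return url.toString();
}

function buildRevokeRequest({ domain, clientId, refreshToken }) {
  return {
    url: `https://${domain}/oauth/revoke`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      // Native (public) clients send no client_secret.
      body: JSON.stringify({ client_id: clientId, token: refreshToken }),
    },
  };
}

// deps are injected so the flow can be exercised outside Electron:
//   fetch        -> global fetch in the main process
//   deleteToken  -> () => keytar.deletePassword(service, account)
//   openExternal -> shell.openExternal from 'electron'
async function fullLogout(cfg, deps) {
  const result = { revoked: false, localTokenDeleted: false, browserLogoutUrl: null };
  if (cfg.refreshToken) {
    const { url, init } = buildRevokeRequest(cfg);
    try {
      const res = await deps.fetch(url, init);
      result.revoked = res.ok;
    } catch (err) {
      result.revoked = false; // network failure: still clear local state below
    }
  }
  // Always remove the local copy, even if revocation failed.
  await deps.deleteToken();
  result.localTokenDeleted = true;
  // Ends the Auth0 session in the browser, so the next login prompts again.
  result.browserLogoutUrl = buildLogoutUrl(cfg);
  await deps.openExternal(result.browserLogoutUrl);
  return result;
}
```
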