Revoke Refresh Token on Logout

Hi all!
+1 for this feature.
We are currently exploring the implementation of a centralized logout feature that spans across multiple applications deployed on distinct domains, specifically domain1 and domain2. Our objective is to enhance the user experience by ensuring that when a user initiates a logout from the application on domain1, their session is also effectively terminated on domain2. However, we are facing a challenge due to the persistence of an active refresh token on domain2, even after the user has logged out.

Here’s the scenario we are dealing with:

We have multiple applications deployed on separate domains, namely domain1 and domain2.
Upon initiating a logout from the application on domain1, we aim to trigger a corresponding session termination on domain2.
The complication arises from the presence of an active refresh token on domain2, allowing continued authorization even post-logout.

1 Like
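A sketch of the behaviour requested above, added here as an illustration and not taken from the original post or from any product's code: the authorization server records every refresh token against the shared login session, so a logout started on domain1 also revokes the token held by the application on domain2. The class, its method names, the `sid` field and the `invalid_grant` error string as used here are assumptions for the example.

```python
import hashlib
import secrets
import time


class RefreshTokenStore:
    """In-memory stand-in for the authorization server's refresh-token table."""

    def __init__(self):
        self._tokens = {}         # sha256(token) -> record
        self._logged_out = set()  # session ids that have been terminated

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked table does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, sid, client_id, ttl=3600):
        if sid in self._logged_out:
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = {
            "sid": sid, "client": client_id,
            "expires": time.time() + ttl, "revoked": False}
        return token

    def logout(self, sid):
        # Revoke every live refresh token of the session, whichever app holds it.
        self._logged_out.add(sid)
        live = [r for r in self._tokens.values()
                if r["sid"] == sid and not r["revoked"]]
        for rec in live:
            rec["revoked"] = True
        return len(live)

    def refresh(self, token, client_id):
        # Reject unknown, revoked, expired or wrong-client tokens, then rotate.
        rec = self._tokens.get(self._digest(token))
        if (rec is None or rec["revoked"] or rec["client"] != client_id
                or rec["expires"] < time.time()):
            raise PermissionError("invalid_grant")
        rec["revoked"] = True  # single use: the old token dies on rotation
        return self.issue(rec["sid"], client_id)
```

Access tokens already issued to domain2 remain valid until they expire unless the resource servers also check session state, so short access-token lifetimes complement this revocation.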