Feature: Remove refresh token from Active devices on logout Description: When a user logs out of a SPA, calling the logout endpoint does not revoke the refresh token. This leaves it available for use if it is compromised on the client-side or in transit. The revoke refresh token endpoint can be cal…

Revoke Refresh Token on Logout

jose.afernandes September 4, 2023, 9:08am 6

+1 here, this is an absolute need because of:

No support in the SDK means many security issues for sure for many users of Auth0.

1 Like

October 2023 Community News

Topic		Replies	Views
Unable to revoke refresh tokens Help auth0 , refresh-tokens	2	2064	December 21, 2022
Limit number of active user sessions by revoking refresh tokens upon login? Help jwt , actions	2	3481	March 31, 2021
Invalid Refresh Token - Take 3 Help refresh-tokens	2	3616	December 18, 2018
Logout user once refresh token expires, instead of making call to /authorize endpoint to get new access and refreshtoken Help classic-universal-login-experience , login-experience	3	3937	February 16, 2023
Ability to revoke access token at logout Feedback auth0	6	5660	September 8, 2021