Feature: Remove refresh token from Active devices on logout Description: When a user logs out of a SPA, calling the logout endpoint does not revoke the refresh token. This leaves it available for use if it is compromised on the client-side or in transit. The revoke refresh token endpoint can be cal…

Revoke Refresh Token on Logout

jose.afernandes September 4, 2023, 9:08am 6

+1 here, this is an absolute need because of:

No support in the SDK means many security issues for sure for many users of Auth0.

1 Like

October 2023 Community News