Unable to fully logout when using refresh tokens

Hello @finnbai welcome to the community!

While there isn’t anything specific to the SDK, you can indeed revoke refresh tokens using the Authentication API.

If you’re able to inspect the /authorize call made when this occurs and see that the response_mode = query then this is indeed due to the refresh token - If response_mode=web_message then it is silent authentication via a hidden iframe.

Regardless, I definitely recommend sharing your thoughts and voting for the following feedback request if you’re up to it:

Hope this helps to clarify :smile:

1 Like