Hello @finnbai welcome to the community!
While there isn’t anything specific to the SDK, you can indeed revoke refresh tokens using the Authentication API.
If you’re able to inspect the /authorize call made when this occurs and see that the response_mode = query then this is indeed due to the refresh token - If response_mode=web_message then it is silent authentication via a hidden iframe.
Regardless, I definitely recommend sharing your thoughts and voting for the following feedback request if you’re up to it:
Hope this helps to clarify 