[PP-1] Revoke refresh tokens

Created on 16 February 2018, almost 7 years ago
Updated 18 January 2024, 11 months ago

Problem/Motivation

We need to revoke both access and refresh tokens from the resource servers in a generic way. One use case is to revoke tokens in the back-end when the user logs out in front-end.

Proposed resolution

Implement a solution that is compliant with the specification RFC 7009. The PHP library we are using already has an issue for token revocation with a pull request.

Remaining tasks

User interface changes

  1. Implement the feature.
  2. Provide functional testing
πŸ’¬ Support request
Status

Needs work

Version

5.0

Component

Code

Created by

πŸ‡§πŸ‡ΎBelarus skorzh Belarus

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024