Not kind of issue, but I could not find any endpoint to revoke the refresh token. Also, I was wondering why revoking access tokens have no effect on refresh token. In your docs, I could see an endpoint to delete single access_token:
curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&token=<your_token>" http://localhost:8000/auth/revoke-token
For all tokens associated with the user:
curl -H "Authorization: Bearer <token>" -X POST -d "client_id=<client_id>" http://localhost:8000/auth/invalidate-sessions
And both works perfectly. I am just asking a way to revoke refresh token as well.
Not kind of issue, but I could not find any endpoint to revoke the refresh token. Also, I was wondering why revoking access tokens have no effect on refresh token. In your docs, I could see an endpoint to delete single access_token:
For all tokens associated with the user:
And both works perfectly. I am just asking a way to revoke refresh token as well.