To log out, a Krypton Web client can delete its locally stored authentication token. However, it cannot delete its refreshToken, because that token lives in an httpOnly cookie, which is inaccessible to JavaScript. The browser therefore keeps sending the cookie, and a new authentication token can still be obtained through the refresh flow even though the one stored locally has been removed. In effect, the session stays alive after "logout".

We should provide a mutation that revokes the client's refreshToken and deletes the related session in the DB. Clearing the cookie alone is not sufficient either: revocation has to happen server-side, so that a refreshToken that was captured or kept by the client no longer works; clearing the cookie is just what makes the browser stop sending it.