Closed: dewulf closed 3 years ago
Thanks, Elitan, for your answer! And thanks for moving forward with such a great product. Removing all current refresh_tokens is currently not possible without providing a valid current one. For me, it would make more sense to provide no refresh_token at all in the case when "all":"true" and then to simply remove all existing refresh_tokens from the table.
Ah, you want to clear all refresh tokens for all users? Is that what you're trying to do?
Our intent was that all: true would sign out the user from all other devices. So all: true means that all of the logged-in user's refresh tokens would be deleted. Not all refresh tokens for every user.
OK, I understand. It makes full sense. The only misunderstanding on my side was why to provide a concrete refresh token when I want to delete all tokens for a specific user. But I see now that this behavior is realized in auth/token/revoke. Thanks for your support, much appreciated.
Do you mean that the user provides the JWT Token instead?