You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I may be misunderstanding something here, but for security purposes, it seems like we'd want a handler that, on signout, immediately revokes the latest refresh and auth tokens so that if someone had either, they'd no longer work (particularly the refresh token). I see there's a revokeRefreshToken function in the cacheStorage.js example, which could work, but it also appears to create a new refresh token. (Which isn't really a problem as long as its not returned to the client.)
Basically I suppose I'm just curious: If I wanted to create my own signout handler to satisfy the security needs described above, what's the best approach to doing so?
The text was updated successfully, but these errors were encountered:
I may be misunderstanding something here, but for security purposes, it seems like we'd want a handler that, on signout, immediately revokes the latest refresh and auth tokens so that if someone had either, they'd no longer work (particularly the refresh token). I see there's a
revokeRefreshTokenfunction in thecacheStorage.jsexample, which could work, but it also appears to create a new refresh token. (Which isn't really a problem as long as its not returned to the client.)Basically I suppose I'm just curious: If I wanted to create my own signout handler to satisfy the security needs described above, what's the best approach to doing so?
The text was updated successfully, but these errors were encountered: