Revoke and/or signOut causes all RefreshTokens of a given user to be removed from SSO server #215

@pxmal

Describe the bug?

Hi,

We're experiencing an issue where, when signing out using either .revoke() and/or .signOut, all of that unique user's refreshTokens are removed from the SSO server.

This is an issue if a unique user has multiple devices, and then signs out on one of the devices. Then the refreshToken on the other device is also removed on the SSO server.

I can see on the SSO server that the Event Type of the revoke / signOut is of type "REVOKE_GRANT", and not "LOGOUT".

Is there any configuration of the signOut or revoke methods that does not cause the "REVOKE_GRANT" event on the SSO that I can use?

Thanks!

What is expected to happen?

All refreshTokens should not be removed from the SSO server.

What is the actual behavior?

All refreshTokens of a user are removed on the SSO server.

Reproduction Steps?

Use two devices. Sign in on both, and then sign out on one of them.

Additional Information?

No response

SDK Version(s)

1.8.0

Build Information

No response
