spring-security-refresh-token-jwt icon indicating copy to clipboard operation
spring-security-refresh-token-jwt copied to clipboard

Published 20 hours ago verified publisher icon bezkoder

Signout endpoint

Open ferlezcano opened this issue 3 years ago • 0 comments

Since the user does not neet to be authenticated to call /api/auth/signout you can't get the principal from authentication to find and delete the refreshtoken.

IMHO this method has to get from headers both token and refreshtoken to invalidate/remove the refreshtoken from the database.

ferlezcano avatar Oct 05 '22 06:10 ferlezcano