You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I try to log out and token have already expired, it causes 500 error (because destroy_tokens doesn't work). Shouldn't we ignore that and just clear the session when that happens?
The text was updated successfully, but these errors were encountered:
Actually, come to think of it, even when token is not expired there's no such endpoint on my auth server (based on django-oauth-toolkit). This get request simply generates a 404 error. It does, however, have revoke_token endpoint (RFC 7009 compliant) -- but even if we made the url configurable that requires a post request, not get, and possibly client authorization...
When I try to log out and token have already expired, it causes 500 error (because destroy_tokens doesn't work). Shouldn't we ignore that and just clear the session when that happens?
The text was updated successfully, but these errors were encountered: