oauth2: Revoke token on logout

If a user logs out of the session, and their token is not revoked, if
their token were to leak somehow, then an attacker could use it before
it expired.

Explicit revocation of the token helps avoid that.

0 files changed, 0 insertions, 0 deletions