This repository was archived by the owner on Oct 19, 2022. It is now read-only.
This repository was archived by the owner on Oct 19, 2022. It is now read-only.
Tokens aren't revoked on logout for Bearer authentication #60
Description
If a client passes an access token up to the server via an Authorization header and hits the /logout route, the token is not revoked on the Stormpath side.
If the token is passed via cookies, it is revoked properly.