Logout (single device)

[geolunalg]

Overview

User Story:
As a user, I want to log out so my session is ended on this device.

Action Items

Acceptance Criteria:

• POST /auth/logout:
  • revokes the refresh token record server-side
  • clears the refresh token cookie
• Subsequent refresh attempts fail with 401.

Resources/Instructions

• This issue is part of the epic: EPIC: Authentication & Session Management (JWT + Refresh) #2065

[rteas]

Backend Task completed. Orignal /auth/logout api has been modified to remove refresh token, preventing a user from re-using the refresh token.

Frontend must remove its JWT manually.

[geolunalg]

@JackHaeg @trillium @rteas

Need confirmation that the backend is refresh token is invalidated on the back end form Richy.

Frontend: On logout shoudl return to the login page

Size: S to M