Fix OAuth2 token lingering after revocation

ac78f801 · iamtakingiteasy · a1641193 · ac78f801 · ac78f801
Commit ac78f801 authored 1 year ago by iamtakingiteasy
--- a/changelog.d/oauth2-token-linger.fix
+++ b/changelog.d/oauth2-token-linger.fix
+Fix OAuth2 token lingering after revocation
--- a/src/modules/users.js
+++ b/src/modules/users.js
@@ -651,6 +651,12 @@ const users = {
              const response = data.error
              // Authentication failed
              commit('endLogin')
+
+              // remove authentication token on client/authentication errors
+              if ([400, 401, 403, 422].includes(response.status)) {
+                commit('clearToken')
+              }
+
              if (response.status === 401) {
                reject(new Error('Wrong username or password'))
              } else {