Delete/Revoke OAuth token at logout
Maybe I’m overlooking something obvious, but why aren’t OAuth tokens revoked at logout? This would reduce the amount of valid tokens in the overview.
The logout currently happens purely on the client side, which also means, that the pleroma_key
cookie can’t be deleted in Pleroma-FE, because of the HttpOnly
flag.
Edited by shibayashi