I’m trying to understand how the “logout” feature of the Admin SDK works. This is my scenario:
User logs in and is given a token. In the backend, I call token.validate(didToken), which succeeds. I decode the token using const [proof, claim] = mAdmin.token.decode(didToken), and ensure claim.iss is saved in my backend. All good so far.
Then, I call users.logoutByIssuer(issuer) using the issuer I saved previously. Everything goes well - nothing is thrown.
At this point, I’d expect the previous token to be revoked, thus not being valid anymore. However, when running token.validate(didToken) on the same token as before, it looks like that isn’t the case; it still succeeds like before - despite having logged out the user in the meantime.
What am I missing here? Can you please clarify how this works?