logout api only invalidate the refresh token, but the auth token is still valid until it expires

[Bacce]

logout endpoint was implemented here: #19

[aliasgar55]

That should be a expected behavior and hence we keep the expire time of access token low
If your application requires a more strict logout policy, maybe you can add a memory database which can track the user logouts, and every time you check the access token you also check if the user has logged out, and if the user has logged out you can return a 401 error to the user
You will probably also need to add some more fields to the JWT token to make this work

[imuhammadarsalan]

Ive tested the api logout but i think it is not working , Ive login as admin and after logout i can access /users endpoint which is not good !! please take a look at this bug..

Thanks.
Muhammad.