fix: call token revocation endpoint on logout

Author: SkySails

packages/auth/package.json

@@ -31,6 +31,9 @@
   "publishConfig": {
     "access": "public"
   },
+  "engines": {
+    "node": ">=10"
+  },
   "scripts": {
     "build": "tsup src/index.ts --format esm,cjs --dts ",
     "dev": "tsup src/index.ts --format esm,cjs --watch --dts --sourcemap inline",

packages/auth/src/constants.ts

@@ -1,3 +1,4 @@
 export const IDENTITY_ROOT = "https://identity.api.navigraph.com";
 export const IDENTITY_DEVICE_AUTH = IDENTITY_ROOT + "/connect/deviceauthorization";
 export const IDENTITY_ENDSESSION_ENDPOINT = IDENTITY_ROOT + "/connect/endsession";
+export const IDENTITY_REVOCATION_ENDPOINT = IDENTITY_ROOT + "/connect/revocation";

packages/auth/src/internal.ts

@@ -1,4 +1,5 @@
-import { IDENTITY_ENDSESSION_ENDPOINT } from "./constants";
+import { getApp, Logger } from "@navigraph/app";
+import { IDENTITY_REVOCATION_ENDPOINT } from "./constants";
 import { authenticatedAxios } from "./network";
 import { CustomStorage, Listener, StorageKeys, User } from "./public-types";
 
@@ -38,8 +39,24 @@ export const setUser = (user: User | null) => {
 export const setInitialized = (initialized: boolean) => (INITIALIZED = initialized);
 
 export const signOut = () => {
+  const app = getApp();
+  const refreshToken = tokenStorage.getRefreshToken();
+
+  if (app && refreshToken) {
+    authenticatedAxios
+      .post(
+        IDENTITY_REVOCATION_ENDPOINT,
+        new URLSearchParams({
+          client_id: app.clientId,
+          client_secret: app.clientSecret,
+          token__type_hint: "refresh_token",
+          token: refreshToken,
+        })
+      )
+      .catch(() => Logger.warning("Failed to revoke token on signout"));
+  }
+
   tokenStorage.setAccessToken();
   tokenStorage.setRefreshToken();
   setUser(null);
-  authenticatedAxios.get(IDENTITY_ENDSESSION_ENDPOINT).catch(() => "");
 };