Bugless #43
sso: invalidate sessions when needed
Status:
New
Priority:
Normal
Assignee:
-
Category:
hscloud
Description
We'd like to invalidate all oauth sessions whenever a user:
- changes their password
- visits a magic 'log out everywhere' endpoint
- becomes for some reason inactive (probably depends on #35, in which we define more closely what inactiveness means)