fix(auth): tighten refresh session revocation

2026-05-13 15:04:37 +08:00
parent b13870f71b
commit 4fecf9c975
36 changed files with 1664 additions and 170 deletions
--- a/server-rs/crates/api-server/src/logout.rs
+++ b/server-rs/crates/api-server/src/logout.rs
@@ -40,6 +40,7 @@ pub async fn logout(
            LogoutCurrentSessionInput {
                user_id: authenticated.claims().user_id().to_string(),
                refresh_token_hash,
+                session_id: Some(authenticated.claims().session_id().to_string()),
            },
            OffsetDateTime::now_utc(),
        )