Server Side Logout Support?
Hi all! I noticed that there already existed some discussion about "Server Side Logout" in both discord and github.
Actually, gotrue already stored sessions postgresql, for some operations(like update user properties), it would check the session, so the client could not use the old access_token to update user . BUT for some other operations(like get user), it would not check the seesion, so a logged out client could still get the latest information of the user properties.
That's kind of inconsistency of the access_token behavior on different endpoints.
Is it by design or on purpose? Or should we make them the same?
If that could be accepted, I'd like to make contribute on it. Thanks!
Actually, gotrue already stored sessions postgresql, for some operations(like update user properties), it would check the session, so the client could not use the old access_token to update user . BUT for some other operations(like get user), it would not check the seesion, so a logged out client could still get the latest information of the user properties.
That's kind of inconsistency of the access_token behavior on different endpoints.
Is it by design or on purpose? Or should we make them the same?
If that could be accepted, I'd like to make contribute on it. Thanks!
