I'm not quite sure what Soren means by "everyone's tokens," but I can confirm that all tokens for the specific user are revoked -- revocation is **not** limited to the specific tenant. While not 100% desirable, I don't see how it's a security vulnerability..?
I would definitely prefer to limit token revocation to the specific tenant, however.