- Track user tokens in Redis set (artdag:user_tokens:{username})
- Register token when user authenticates via /auth
- Add /auth/revoke-user endpoint to revoke all user tokens
- L2 calls this on logout to revoke scoped tokens
Fixes logout not working across L1/L2 (scoped tokens differ from L2 token).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>