gilesb cd60016558 Add token revocation for federated logout ...

- Add revoke_token() and is_token_revoked() functions using Redis
- Check revocation in get_verified_user_context()
- Add /auth/revoke endpoint for L2 to call on logout
- Revoked tokens stored with 30-day expiry (matching token lifetime)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-09 18:07:50 +00:00

176 KiB

Raw Blame History

View Raw