From b244bfad7d5a1c267f16c5ea735125ac7c277c3a Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Tue, 29 Nov 2022 12:56:40 +0100
Subject: [PATCH] openid: Revoke tokens on logout

---
 hosts/architect/openid.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/architect/openid.nix b/hosts/architect/openid.nix
index fa11dbd..b1762c7 100644
--- a/hosts/architect/openid.nix
+++ b/hosts/architect/openid.nix
@@ -12,7 +12,8 @@
           redirect_after_logout_uri = "/",
           redirect_uri = "/redirect_uri",
           keepalive = "yes",
-          accept_none_alg = true
+          accept_none_alg = true,
+          revoke_tokens_on_logout = true
       }
 
       -- call introspect for OAuth 2.0 Bearer Access Token validation