FuelRats · UncleClapton · Jan 5, 2021 · Jan 3, 2021 · Jan 4, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ For detailed rules of this file, see  [Changelog Rules](#changelog-rules)
 
 ### ⚡ Changed
 * Further improve message displayed when email validation token is invalid.
+* Logging out also removes your access token through the API, so your token cannot be used anywhere anymore. - [#305][]
 
 
 ### 🐛 Fixed
@@ -25,6 +26,7 @@ For detailed rules of this file, see  [Changelog Rules](#changelog-rules)
 * Perform some preparation steps for Webpack 5 and Yarn PnP.
 * Upgrade to Yarn 2 (but not PnP, that comes later when the bugs are solved).
 
+[#305]: https://github.com/fuelRats/fuelrats.com/pull/305
 [#303]: https://github.com/fuelRats/fuelrats.com/pull/303
 [#302]: https://github.com/fuelRats/fuelrats.com/pull/302
 [Unreleased]: https://github.com/FuelRats/fuelrats.com/compare/v2.12.6...HEAD

diff --git a/src/server/middlewares/proxy.mjs b/src/server/middlewares/proxy.mjs
@@ -34,6 +34,12 @@ const configureProxies = (koaServer, env) => {
     target: env.api.url,
   }))
 
+  koaServer.use(createProxyWithDefaults('/api/oauth2/revoke', {
+    auth: `${env.api.clientId}:${env.api.clientSecret}`,
+    rewrite: stripPathSegment('api'),
+    target: env.api.url,
+  }))
+
   koaServer.use(createProxyWithDefaults('/api', {
     rewrite: stripPathSegment('api'),
     target: env.api.url,

diff --git a/src/store/actionTypes.js b/src/store/actionTypes.js
@@ -87,6 +87,7 @@ const oauth = {
   authorize: {
     read: 'oauth/authorize/read',
     create: 'oauth/authorize/create',
+    delete: 'oauth/authorize/delete',
   },
 }
 

diff --git a/src/store/actions/session.js b/src/store/actions/session.js
@@ -1,11 +1,13 @@
-import { createFSA } from '@fuelrats/web-util/actions'
+import { createFSA, createAxiosFSA } from '@fuelrats/web-util/actions'
 import { HttpStatus } from '@fuelrats/web-util/http'
 import { isError } from 'flux-standard-action'
 
 import { configureRequest, deleteCookie } from '~/helpers/gIPTools'
+import frApi from '~/services/fuelrats'
 
 import actionTypes from '../actionTypes'
 import {
+  selectSessionToken,
   selectPageRequiresAuth,
   selectSession,
   selectUserById,
@@ -22,14 +24,28 @@ import { getUserProfile } from './user'
  * @returns {Function} Redux action thunk
  */
 export const logout = (ctx) => {
-  return (dispatch, getState) => {
+  return async (dispatch, getState) => {
     deleteCookie('access_token', ctx)
+    const curState = getState()
+
+    const token = selectSessionToken(curState)
+
+    dispatch(createAxiosFSA(
+      actionTypes.oauth.authorize.delete,
+      await frApi.request({
+        url: '/oauth2/revoke',
+        method: 'post',
+        data: {
+          token,
+        },
+      }),
+    ))
 
     return dispatch(
       createFSA(
         actionTypes.session.logout,
         {
-          waitForDestroy: Boolean(selectPageRequiresAuth(getState())),
+          waitForDestroy: Boolean(selectPageRequiresAuth(curState)),
         },
       ),
     )