
IdentityServer4 Revoke One or All Tokens


In the application, when a user logs out, I would revoke the reference and refresh token for that current session. This is an API and thus other devices can be logged into the application. I want to provide the ability to log out or log out from all devices.

In IdentityServer4, when we are logging out, we can use the revocation client to revoke a token:

var client = new TokenRevocationClient(...);
//var result = await client.RevokeAccessTokenAsync(token);
//var result = await client.RevokeRefreshTokenAsync(token);

This, in turn, calls IReferenceTokenStore.RemoveReferenceTokenAsync(string handle).

Now, the question is, how would I revoke all tokens for a user? This means that it should call IReferenceTokenStore.RemoveReferenceTokensAsync(string subjectId, string clientId) instead.


Solution

  • You can inject an instance of IIdentityServerInteractionService and call RevokeTokensForCurrentSessionAsync().

    This should lead to a call to IReferenceTokenStore.RemoveReferenceTokensAsync(string subjectId, string clientId).
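
An added example, not part of the original question or answer: a "log out from all devices" endpoint that calls the store method named above directly and also removes refresh tokens, so no other device can mint a new access token. It assumes the controller is hosted inside the IdentityServer4 application (where both stores are registered in DI); the controller name, route and client ids are hypothetical.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Stores;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller; assumed to run inside the IdentityServer4 host.
[Authorize]
[ApiController]
[Route("api/sessions")]
public class SessionRevocationController : ControllerBase
{
    // Assumption: client ids whose tokens are revoked (constructed sample values).
    private static readonly IReadOnlyList<string> ClientIds = new[] { "mobile-app", "web-spa" };

    private readonly IReferenceTokenStore _referenceTokens;
    private readonly IRefreshTokenStore _refreshTokens;

    public SessionRevocationController(
        IReferenceTokenStore referenceTokens,
        IRefreshTokenStore refreshTokens)
    {
        _referenceTokens = referenceTokens;
        _refreshTokens = refreshTokens;
    }

    // "Log out from all devices": remove every reference and refresh token of the caller.
    [HttpPost("revoke-all")]
    public async Task<IActionResult> RevokeAll()
    {
        // Take the subject from the authenticated principal, never from the request body,
        // so one user cannot revoke another user's sessions.
        var subjectId = User.FindFirst("sub")?.Value;
        if (string.IsNullOrEmpty(subjectId))
        {
            return Unauthorized();
        }

        foreach (var clientId in ClientIds)
        {
            await _referenceTokens.RemoveReferenceTokensAsync(subjectId, clientId);
            // Refresh tokens must go too, or another device can obtain a fresh access token.
            await _refreshTokens.RemoveRefreshTokensAsync(subjectId, clientId);
        }

        return NoContent();
    }
}
```

Reference tokens stop validating as soon as they are removed from the store; self-contained JWT access tokens are not affected by this and stay valid until they expire.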