Does the oauth2/logout user invalidate any refresh tokens issued to the user

I am using the /oauth2/logout endpoint to log a user out of fusionauth as described here.

I know that the JWT will be valid till it expires and we can use webhooks to invalidate it if needed before expiry. But do we need to explicitly expire any refresh token issued to the user or does fusionauth automatically invalidates them?

Solution

The OAuth2 core specification doesn't include token revocation. But revoking tokens has been specified through an "extension" to the standard (see RFC7009).

The thing is, API providers generally don't include a URL in their API to handle token revocation. They mostly rely on access_token expiration.

With this said, as per FusionAuth only, I've found this issue that explain why it's not broadly supported.

FusionAuth support for signed and encrypted assertions
ValidationError(Ingress.spec.rules[0].http): missing required field "paths"
Spring cloud gateway with fusionauth custom tenant
Swagger change UI parameters using Fastendpoints
Does FusionAuth use a random salt for each password in Salted PBKDF2 HMAC SHA-256?
Fusion Auth is not redirecting to the Expo App oauth callback route after authorization
Groups claim missing from JWT generated by fusionauth while setting up sso with fusionauth
How can I expose FusionAuth on Ubuntu + Apache to connect from browser?
Significance of setRelaxVerificationKeyValidation() in JwtConsumerBuilder() while validating the JWT
Don't understand how to logout of FusionAuth from Django Application
Can you set an Application's Client Secret using a kickstart file? FusionAuth
Running MariaDB instead of Postgresql on Fusionauth Docker
Java code for verification of FusionAuth HS256 signed id token
How to append string and variable in terraform
Set Password email by application
FusionAuth OTP Oauth Login
FusionAuth ElasticSearch for users with expiry field
Creating Tenant in FusionAuth with java
Start FusionAuth in docker(-compose) with productive mode
Access fusionAuth-app UI from outside container (external access)?
Multi tenant OAuth with FusionAuth
Node with Fusionauth passport-oauth OAuth2Strategy Error: Failed to obtain access token
Bypass setup wizard in fusion auth to create application
FusionAuth sendSetPasswordEmail not sending Set Password Email when creating a user
FusionAuth setting preferred languages using the java client
Object constructor with the same object as parameter
FusionAuth Authorization
FusionAuth Lambdas
/oauth/token vs /api/login FusionAuth
How to generate the signed and encrypted JWT access token in FusionAuth