I logged in on postman to check api paths and when I am logging out the authentication token which was generated at the time of login is not removing and still there
It happens basically in a default way that token will be removed when logging out but I tried some methods creating and calling them in the controller but its not working there
If you logout the token should get invalidated. User should be treated as Unauthorized (401) no matter if the token exists in the headers or not. You can always remove the header manually if that is bothering you.