Add note on refresh token invalidation on pw change

2026-01-30 11:18:03 -05:00 · 2020-07-07 11:23:38 -04:00
parent 8fc4b783c9
commit 1ed6b8b3a8
1 changed files with 6 additions and 0 deletions
--- a/src/services/users.ts
+++ b/src/services/users.ts
@@ -21,6 +21,12 @@ export const readUser = async (pk: string | number, query?: Query) => {
 };

 export const updateUser = async (pk: string | number, data: Record<string, any>, query?: Query) => {
+	/**
+	 * @todo
+	 * Remove "other" refresh token sessions when changing password to enforce "logout everywhere" on password change
+	 *
+	 * Maybe make this an option?
+	 */
 	return await ItemsService.updateItem('directus_users', pk, data, query);
 };