From 1ed6b8b3a82e7fb435ddcf9201a2862cc38b68b9 Mon Sep 17 00:00:00 2001
From: rijkvanzanten <rijkvanzanten@me.com>
Date: Tue, 7 Jul 2020 11:23:38 -0400
Subject: [PATCH] Add note on refresh token invalidation on pw change

---
 src/services/users.ts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/services/users.ts b/src/services/users.ts
index 913d07276d..d672a4ccca 100644
--- a/src/services/users.ts
+++ b/src/services/users.ts
@@ -21,6 +21,12 @@ export const readUser = async (pk: string | number, query?: Query) => {
 };
 
 export const updateUser = async (pk: string | number, data: Record<string, any>, query?: Query) => {
+	/**
+	 * @todo
+	 * Remove "other" refresh token sessions when changing password to enforce "logout everywhere" on password change
+	 *
+	 * Maybe make this an option?
+	 */
 	return await ItemsService.updateItem('directus_users', pk, data, query);
 };