From 76b7b32e2331846f3c1526b10cf6a34a9e7bff65 Mon Sep 17 00:00:00 2001
From: Alex Gleason
Date: Mon, 28 Sep 2020 13:05:20 -0500
Subject: [PATCH] Revoke OAuth token on logout, fixes #445
---
 app/soapbox/actions/auth.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/app/soapbox/actions/auth.js b/app/soapbox/actions/auth.js
index 50a26cd3c..09a225bf5 100644
--- a/app/soapbox/actions/auth.js
+++ b/app/soapbox/actions/auth.js
@@ -145,7 +145,17 @@ export function logIn(username, password) {
 
 export function logOut() {
 return (dispatch, getState) => {
+ const state = getState();
+
 dispatch({ type: AUTH_LOGGED_OUT });
+
+ // Attempt to destroy OAuth token on logout
+ api(getState).post('/oauth/revoke', {
+ client_id: state.getIn(['auth', 'app', 'client_id']),
+ client_secret: state.getIn(['auth', 'app', 'client_secret']),
+ token: state.getIn(['auth', 'user', 'access_token']),
+ });
+
 dispatch(showAlert('Successfully logged out.', ''));
 };
 }
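Review bot: The promise returned by `api(getState).post('/oauth/revoke', …)` in `logOut` is never handled, so a failed request (offline, server error) leaves the access token valid on the server while the user is still told 'Successfully logged out.'. Tie the alert to the outcome instead of dispatching it unconditionally, e.g. `.then(() => dispatch(showAlert('Successfully logged out.', '')))` and `.catch(() => dispatch(showAlert('Logged out', 'The server could not revoke the session token.')))`. If the failure is logged rather than alerted, log only a status and not the error object, since the request body carries `client_secret` and `token`. The `const state = getState()` snapshot taken before `dispatch({ type: AUTH_LOGGED_OUT })` looks load-bearing (the reducer presumably clears `auth.user`, which is not visible here), so a comment such as `// Read credentials before AUTH_LOGGED_OUT clears them` would keep a later reorder from sending an empty token.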