[Feature Request] Logout or Invalidate Auth/Refresh token through Nakama backend

[abmaurya]

Using single_socket makes sure that there’s only one active sessions by disconnecting the previous login. The problem with this solution is that single_socket only disconnects socket, does not log out the user from that other device(previous login). This could pose as a security flaw as the auth token and refresh token are still valid.
There should be a way to invalidate these tokens(tokens from older login) or simply log out the older login maybe through a configuration along side single_socket on the backend.

Forum discussion:

My comment:
https://forum.heroiclabs.com/t/preventing-users-from-having-multiple-sessions/36/13

Chris Molozian's comment:
https://forum.heroiclabs.com/t/preventing-users-from-having-multiple-sessions/36/14

Chris has provided a solution in the above comment but that is still not secure because it is not Nakama authoritative which would be the most secure scenario.

[UmarBhatPlaystrom]

+1