Question about logout and invalidation

[Shtutnik]

Hi,

In short - does this project support "single log out" meaning that when logging out my session (or tokens) are invalidated across all applications?

Some more details:

I am following this diagram - https://raw.githubusercontent.com/awslabs/aws-amplify-identity-broker/master/Documentation/Images/SimplifiedProjectScope.png

I have website1, website2 and a login application and I open two tabs in my browser.
In the first tab I browse to website1, which redirects me to the login application, I login and am redirected back to website1.
Now in the second tab I browse to website2, of course this time I am logged in already, so after some redirects I am in website2 without needing to provide any login details.

Now the tricky part - I go back to the website1 tab and press on "logout". Then I go to the website2 tab and try to browse and perform things on the website.

My expectation would be that the system should "throw" me out back to the login page right when he browser tries perform any request which requires authentication.

So the question is, does this actually happen and the tokens I have are invalidated across all applications once I log out in any one of them? And the next question would be how is that performed?

Many many thanks for the efforts put into making this super helpful project!

[sandrodesouza]

aws-amplify-identity-broker/src/pages/Logout/Logout.js

Line 86 in 1f0e89f

Auth.signOut(); // Sign the user out

change it to

// Sign the user out
Auth.signOut().then(() => {
window.location.reload() // Reload the page to handle the client redirect
})