Can access UserAPI even after logout using same token.
LaxmanMaharjan opened this issue · comments
Laxman Maharjan commented
We can access UserAPI even after logout using same token which was provided during login.
So before access UserAPI, token should be checked if it is blacklisted i.e logged out.