Bug #16159
Updated by Peter Amstutz about 4 years ago
Logging out of workbench should invalidate the current token. (Currently, it just causes the browser to forget it.)
This means:
# workbench (1|2) logout includes API token to be revoked
# if a token is supplied, the logout route in controller expires the token
Need to address the case where the browser "Get API Token" feature needs to create a token in a federated scenario, so that user can get a token that won't be expired when logging out in the browser.