refactor(oidc): Only revoke one token for logout

The server is supposed to revoke any token associated with the token that we revoke.

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

crates/matrix-sdk/src/authentication/oidc/cross_process.rs

@@ -611,14 +611,11 @@ mod tests {
 
         oidc.logout().await?;
 
-        // Both the access token and the refresh tokens have been invalidated.
+        // The access token has been invalidated.
         {
             let revoked = backend.revoked_tokens.lock().unwrap();
-            assert_eq!(revoked.len(), 2);
-            assert_eq!(
-                *revoked,
-                vec![tokens.access_token.clone(), tokens.refresh_token.clone().unwrap(),]
-            );
+            assert_eq!(revoked.len(), 1);
+            assert_eq!(*revoked, &[tokens.access_token.clone()]);
         }
 
         {

crates/matrix-sdk/src/authentication/oidc/mod.rs

@@ -1556,7 +1556,7 @@ impl Oidc {
 
         let tokens = self.session_tokens().ok_or(OidcError::NotAuthenticated)?;
 
-        // Revoke the access token.
+        // Revoke the access token, it should revoke both tokens.
         self.backend
             .revoke_token(
                 client_credentials.clone(),
@@ -1566,18 +1566,6 @@ impl Oidc {
             )
             .await?;
 
-        // Revoke the refresh token, if any.
-        if let Some(refresh_token) = tokens.refresh_token {
-            self.backend
-                .revoke_token(
-                    client_credentials.clone(),
-                    revocation_endpoint,
-                    refresh_token,
-                    Some(OAuthTokenTypeHint::RefreshToken),
-                )
-                .await?;
-        }
-
         if let Some(manager) = self.ctx().cross_process_token_refresh_manager.get() {
             manager.on_logout().await?;
         }