Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

admin/ui

Describe the bug

When "sign out all active sessions" are pushed in admin console, offline tokens are invalidated, but offline sessions are still displayed in "sessions". They should be removed from "sessions", because offline tokens are invalid.

Version

25.0.1

Regression

• The issue is a regression

Expected behavior

Offline sessions in admin console "sessions" are removed when "sign out all active sessions" are pushed, and offline tokens are also invalidated.

Actual behavior

When "sign out all active sessions" are pushed in admin console, offline tokens are invalidated, but offline sessions are still displayed in "sessions".

How to Reproduce?

• Take access token and refresh token(offline token) with "offline_access" scope
• See "sessions" in admin console, and offline session is displayed
• Push "sign out all active sessions"
• Use offline token in token refresh flow. Response is "400 Bad Request: "{"error":"invalid_grant","error_description":"Stale token"}"{"error":"invalid_grant","error_description":"Stale token"}" and access token is not returned.
• See "sessions" in admin console, and offline session is still displayed

Anything else?

No response