PM-5263 - Clear all tokens on logout (#8536)

libs/common/src/auth/services/token.state.ts

@@ -1,5 +1,9 @@
 import { KeyDefinition, TOKEN_DISK, TOKEN_DISK_LOCAL, TOKEN_MEMORY } from "../../platform/state";
 
+// Note: all tokens / API key information must be cleared on logout.
+// because we are using secure storage, we must manually call to clean up our tokens.
+// See stateService.deAuthenticateAccount for where we call clearTokens(...)
+
 export const ACCESS_TOKEN_DISK = new KeyDefinition<string>(TOKEN_DISK, "accessToken", {
   deserializer: (accessToken) => accessToken,
 });

libs/common/src/platform/services/state.service.ts

@@ -1729,7 +1729,9 @@ export class StateService<
   }
 
   protected async deAuthenticateAccount(userId: string): Promise<void> {
-    await this.tokenService.clearAccessToken(userId as UserId);
+    // We must have a manual call to clear tokens as we can't leverage state provider to clean
+    // up our data as we have secure storage in the mix.
+    await this.tokenService.clearTokens(userId as UserId);
     await this.setLastActive(null, { userId: userId });
     await this.updateState(async (state) => {
       state.authenticatedAccounts = state.authenticatedAccounts.filter((id) => id !== userId);