user refresh tokens still active after user deactivation. #12858

@kivra-chacer

Describe the bug

When disabling a user in Authentik, the refresh tokens associated with the user are not deactivated.
It also seems like the user is able to refresh its token.

To Reproduce

Create a user -> create refresh tokens -> deactivate the user -> Try to use the token.

Expected behavior

I expect all tokens/permissions associated with the user to be deleted/revoked.

Version and Deployment

Version: 2024.10.4
Deployment: helm (https://charts.goauthentik.io)

More information:

I "solved" this by deleting the user and lowering the refresh token validity period.
Only after user deletion, the user cannot refresh its token after it expired.

Labels: bug
