Calling a logout function does not invalidate a DID token. A DID token is just proof that a user was authenticated, and each DID token has an expiration of 15 minutes by default.

The only way for a once-valid DID token to be invalidated is for it to expire. That's why it's best to create short-lasting DID tokens when the user is logged in and re-generate them as needed (if needed) by your application. (see for more information on customizing DID Tokens)
Was this article helpful?
Thank you!