Ensures that logout actually removes all sessions

src/plus/subscription/authenticationProvider.ts

@@ -138,6 +138,42 @@ export class SubscriptionAuthenticationProvider implements AuthenticationProvide
 		}
 	}
 
+	@debug()
+	public async removeSessionsByScopes(scopes?: string[]) {
+		const cc = Logger.getCorrelationContext();
+
+		try {
+			scopes = scopes?.sort();
+			const scopesKey = getScopesKey(scopes);
+
+			const removed: AuthenticationSession[] = [];
+
+			let index = 0;
+
+			const sessions = await this._sessionsPromise;
+
+			for (const session of sessions) {
+				if (getScopesKey(session.scopes) !== scopesKey) {
+					index++;
+					continue;
+				}
+
+				sessions.splice(index, 1);
+				removed.push(session);
+			}
+
+			if (removed.length === 0) return;
+
+			await this.storeSessions(sessions);
+
+			this._onDidChangeSessions.fire({ added: [], removed: removed, changed: [] });
+		} catch (ex) {
+			Logger.error(ex, cc);
+			void window.showErrorMessage(`Unable to sign out of GitLens+: ${ex}`);
+			throw ex;
+		}
+	}
+
 	private _migrated: boolean | undefined;
 	async tryMigrateSession(): Promise<AuthenticationSession | undefined> {
 		if (this._migrated == null) {

src/plus/subscription/subscriptionService.ts

@@ -282,6 +282,11 @@ export class SubscriptionService implements Disposable {
 		if (this._session != null) {
 			void this.container.subscriptionAuthentication.removeSession(this._session.id);
 			this._session = undefined;
+		} else {
+			// Even if we don't have a session, make sure to remove any other matching sessions
+			void this.container.subscriptionAuthentication.removeSessionsByScopes(
+				SubscriptionService.authenticationScopes,
+			);
 		}
 
 		if (reset && this.container.debugging) {