Realm Java SDK / RJAVA-248

AuthenticationListener and logout

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Unknown
    • Affects Version/s: None
    • Component/s: None

      Using SyncManager.addAuthenticationListener() it is possible to listen to events about users, e.g. when a user is logged into ROS and logged out again.

      The logout case is a bit tricky as we have multiple stages of logout:

      1) Soft logout (A user's refresh token expires)
      2) Local logout (A user calls user.logout(). This clears all access tokens, stops sync and tries to revoke the token, but other devices can still log the user in.)
      3) Global logout: Token is revoked, logging the user out across all devices

      Especially 3) causes problems for the authentication listener, as Device A does not know if Device B revokes the refresh token, except for the fact that various ACCESS DENIED errors will start happening.

      This makes it unclear when to actually trigger AuthenticationListener.userLoggedOut(User)

      1) Trigger on local logout -> Do we really need the auth listener in that case then?
      2) Trigger on global logout locally -> Current behavior. Acceptable? We should probably clarify in docs
      3) Try to detect more cases where logout is called. The biggest problem there is that we cannot tell the difference between "true" INVALID ACCESS and a token that has expired.

      We also have a problem with the token revocation. That REST call is entirely hidden, so if there are any problems with it, users are currently not notified.

      The original implementation was here: https://github.com/realm/realm-java-private/pull/104/files#diff-b3972ee02a88870c7ea29f6a00540d05R201

      Back then, users could not log out locally, so a logout could not happen until after talking to the server, which made the case for the AuthenticationListener stronger. Also, the primary source of inspiration was https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseAuth.AuthStateListener. I do not know how Firebase handles the case where another device logs the user out.

            Assignee: Unassigned
            Reporter: Christian Melchior (Inactive), christian.melchior@mongodb.com