Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BE Feat] Add a system to invalidate authentication JWT #82

Closed
juancwu opened this issue Dec 5, 2024 · 0 comments · Fixed by #91
Closed

[BE Feat] Add a system to invalidate authentication JWT #82

juancwu opened this issue Dec 5, 2024 · 0 comments · Fixed by #91
Assignees
@AmirAgassi
Labels
backend Related to the backend of the project enhancement New feature or request
Milestone
Complete the init...

Comments

@juancwu
Copy link
Contributor

juancwu commented Dec 5, 2024

Right now all generated tokens are valid as long as it is not expired. This means that for any token that was generated for a user will still be valid even if the user changed their password (given its not expired). This is not secure in a way if someone loses their account or somehow want to logout from all devices, it won't be able to be done through the backend only.

We need a system to invalidate access/refresh tokens and this process need to take place when the user changes password too.
@juancwu juancwu added enhancement New feature or request backend Related to the backend of the project labels Dec 5, 2024
@AmirAgassi AmirAgassi self-assigned this Dec 6, 2024
@AmirAgassi AmirAgassi linked a pull request Dec 7, 2024 that will close this issue
Feature/82/invalidate-jwt #91
Merged
@AmirAgassi AmirAgassi mentioned this issue Dec 7, 2024
Merged
@SherRao SherRao changed the title Add a system to invalidate authentication JWT [BE Feat] Add a system to invalidate authentication JWT Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AmirAgassi AmirAgassi

Labels
backend Related to the backend of the project enhancement New feature or request
Projects
SPUR Platform
Status: No status
Milestone
Complete the initial project prototype
Development

Successfully merging a pull request may close this issue.

Feature/82/invalidate-jwt KonferCA/SPUR
3 participants
@SherRao @AmirAgassi @juancwu