Don't allow deleted users to use valid JWT #31

Open
opened 2021-08-30 09:33:12 +02:00 by Jef Roosens · 0 comments

When a user is deleted, their JWT can still be valid for a few minutes. This allows them to log in using a non-existent account, which is a big no no, so we gotta find something to fix this.

Probably related to #30.

Jef Roosens added this to the (deleted) milestone 2021-08-30 09:33:12 +02:00
Jef Roosens added the bug, Backend labels 2021-08-30 09:33:12 +02:00
Jef Roosens changed title from Do'nt allow deleted users to use valid JWT to Don't allow deleted users to use valid JWT 2021-08-30 09:37:12 +02:00
Jef Roosens removed this from the (deleted) milestone 2021-09-04 19:02:54 +02:00
Jef Roosens added the Security label 2021-09-13 16:27:59 +02:00
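
One way to close the gap described in this issue, as an added example that is not code from this repository: after the signature and expiry checks pass, look the token's subject up in the user store on every request, so a deleted account is rejected even while its token is still inside its lifetime. The HS256 token format, the in-memory `USERS` dict standing in for the user table, and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed value, not the project's key
USERS = {"42": {"name": "alice"}}  # hypothetical stand-in for the user table

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user_id: str, ttl: int = 300, now=None) -> str:
    """Mint a short-lived HS256 token whose subject is user_id."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{_b64(_sign(signing_input))}"

def verify_token(token: str, now=None):
    """Signature and expiry only. This alone still accepts a deleted user."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        exp = claims.get("exp")
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token, bad base64 or bad JSON
    return claims if isinstance(exp, int) and now < exp else None

def delete_user(user_id: str) -> None:
    USERS.pop(user_id, None)

def authenticate(token: str, now=None):
    """Token checks plus a user-store lookup; returns the user or None."""
    claims = verify_token(token, now)
    sub = claims.get("sub") if claims else None
    # The lookup is the fix: an unexpired token for a deleted account
    # no longer resolves to a user, so the request is rejected.
    return USERS.get(sub) if isinstance(sub, str) else None
```

The lookup costs one user-store read per request, which is the price of not waiting for the token to expire.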