Don't allow deleted users to use valid JWT #31

Open
opened 2021-08-30 07:33:12 +00:00 by Jef Roosens · 0 comments

When a user is deleted, their JWT can still be valid for a few minutes. This allows them to log in using a non-existent account, which is a big no-no, so we gotta find something to fix this.

Probably related to #30.

Jef Roosens added this to the (deleted) milestone 2021-08-30 07:33:12 +00:00
Jef Roosens added the bug, Backend labels 2021-08-30 07:33:12 +00:00
Jef Roosens changed title from Do'nt allow deleted users to use valid JWT to Don't allow deleted users to use valid JWT 2021-08-30 07:37:12 +00:00
Jef Roosens removed this from the (deleted) milestone 2021-09-04 17:02:54 +00:00
Jef Roosens added the Security label 2021-09-13 14:27:59 +00:00
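
The failure mode described in this issue, shown as an added example that is not code from this repository: a check that validates only signature and expiry keeps accepting a deleted user's token, while a check that also looks up the subject on every request rejects it. It assumes HS256 tokens that carry the user id in `sub`; the in-memory `USERS` dict, the secret and all function names are hypothetical stand-ins.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed key, for this example only
USERS = {}                           # stand-in for the user table (assumption)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(msg: str) -> bytes:
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).digest()

def issue(user_id: str, ttl: int = 300) -> str:
    """Mint a short-lived HS256 token whose `sub` is the user id."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id, "exp": int(time.time()) + ttl}).encode())
    return f"{head}.{body}.{_b64(_sign(f'{head}.{body}'))}"

def verify_stateless(token: str):
    """Signature and expiry only: the behaviour the issue describes."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _unb64(sig)):
            return None
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
        if claims["exp"] <= time.time():
            return None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
    return claims

def verify_with_user_check(token: str):
    """Same checks, then confirm the subject still exists on every request."""
    claims = verify_stateless(token)
    if claims is None or claims.get("sub") not in USERS:
        return None
    return claims

def demo():
    USERS["42"] = "alice"            # constructed account
    token = issue("42")
    USERS.pop("42", None)            # account deleted while the token is still live
    return (verify_stateless(token) is not None, verify_with_user_check(token) is not None)

if __name__ == "__main__":
    print(demo())
```

The per-request lookup costs one user-store read per authenticated call; it is one way to close the window, not necessarily the fix this project chose.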
This repo is archived. You cannot comment on issues.