Roundup Tracker - Issues


Author rouilj
Recipients rouilj
Date 2024-03-17.02:48:40
Message-id <>
There is no way to revoke a JWT. However, Roundup raises a LoginError if a JWT with an
invalid role is specified.

Could you define per-user roles:


and change the schema to remove those roles and restart Roundup to invalidate
a JWT? So if user22's JWT using email_read:user22 is exposed, change the role to:
email_read:user22_1 and restart Roundup. The old JWT will raise a LoginError.
Now every JWT with that role will be obsolete. But the scope of JWT is limited
to that user's JWT.

This does lead to a proliferation of roles and I am not sure what the implications
of that are.
Date                 User    Action  Args
2024-03-17 02:48:41  rouilj  set     messageid: <>
2024-03-17 02:48:41  rouilj  set     recipients: + rouilj
2024-03-17 02:48:41  rouilj  link    issue2551064 messages
2024-03-17 02:48:40  rouilj  create
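
The rotation scheme proposed in the message above, modelled as an added example; this is not Roundup code and not part of the original message. The HS256 token handling, the `schema` dict of per-user generations, the helper names and the local `LoginError` class are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed signing key for this example

class LoginError(Exception):
    """Local stand-in for the error the message says Roundup raises."""

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def role_name(user: str, generation: int) -> str:
    # Naming follows the message: email_read:user22, then email_read:user22_1.
    # Assumption: no username ends in "_<number>", so names cannot collide.
    suffix = f"_{generation}" if generation else ""
    return f"email_read:{user}{suffix}"

def defined_roles(schema: dict) -> set:
    """schema maps username -> current generation (hypothetical model)."""
    return {role_name(u, g) for u, g in schema.items()}

def issue(user: str, schema: dict) -> str:
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "roles": [role_name(user, schema[user])]}
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_sign(head + '.' + body))}"

def login(token: str, schema: dict) -> dict:
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _dec(sig)):
            raise ValueError("signature mismatch")
        claims = json.loads(_dec(body))
        known = defined_roles(schema)
        unknown = [r for r in claims["roles"] if r not in known]
    except (ValueError, KeyError, TypeError) as exc:
        raise LoginError("invalid token") from exc
    if unknown:  # a rotated-away role makes the whole token unusable
        raise LoginError(f"token names undefined role(s): {unknown}")
    return claims

def revoke(user: str, schema: dict) -> dict:
    """Bump one user's generation; stands in for schema edit plus restart."""
    return {**schema, user: schema[user] + 1}
```

Rotating user22 leaves user23's token valid, which is the limited scope the message describes; each rotation still leaves one more retired role name to keep track of.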