Roundup Tracker - Issues

Message7965

Author rouilj
Recipients rouilj
Date 2024-03-17.02:48:40
Message-id <1710643721.06.0.358757176187.issue2551064@roundup.psfhosted.org>
In-reply-to
There is no way to revoke a JWT. However, Roundup raises a LoginError if a JWT with an
invalid role is specified.

Could you define per user roles:

  email_read:user21
  email_read:user22

and change the schema to remove those roles and restart Roundup to invalidate
a JWT? So if user22's JWT using email_read:user22 is exposed, change the role to:
email_read:user22_1 and restart Roundup. The old JWT will raise a LoginError.
Now every JWT with that role will be obsolete. But the scope of JWT is limited
to that user's JWT.

This does lead to a proliferation of roles and I am not sure what the implications
of that are.
History
Date User Action Args
2024-03-17 02:48:41 rouilj set messageid: <1710643721.06.0.358757176187.issue2551064@roundup.psfhosted.org>
2024-03-17 02:48:41 rouilj set recipients: + rouilj
2024-03-17 02:48:41 rouilj link issue2551064 messages
2024-03-17 02:48:40 rouilj create
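
A stand-alone model of the role rotation proposed in the message above, added here as an example; it is not Roundup's code and not part of the original message. The HS256 token layout, the `sub` and `roles` claim names, the `LoginError` stand-in, the `rotate_role` helper and the signing key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed signing key (assumption)

class LoginError(Exception):
    """Stand-in for the login failure raised for an undefined role."""

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user: str, roles: list) -> str:
    """Build an HS256 JWT carrying the user's roles (claim names assumed)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "roles": roles}).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"

def authenticate(token: str, schema_roles: set) -> dict:
    """Return the claims, or raise LoginError if any role is not in the schema."""
    try:
        head, body, sig = token.split(".")
        # HS256 is always used here; the header's alg field is never trusted.
        if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
            raise LoginError("bad signature")
        claims = json.loads(_unb64(body))
    except ValueError as exc:
        raise LoginError("malformed token") from exc
    roles = claims.get("roles") or []
    unknown = [r for r in roles if r not in schema_roles]
    if not roles or unknown:
        raise LoginError(f"invalid role(s): {unknown}")
    return claims

def rotate_role(schema_roles: set, old: str, new: str) -> set:
    """Model the schema edit plus restart: drop the old role, define the new one."""
    return (schema_roles - {old}) | {new}

if __name__ == "__main__":
    schema = rotate_role({"email_read:user21", "email_read:user22"},
                         "email_read:user22", "email_read:user22_1")
    try:
        authenticate(issue_token("user22", ["email_read:user22"]), schema)
    except LoginError as err:
        print("old token rejected:", err)
```

The rejection depends entirely on the role check running on every request; a token whose signature and expiry are still valid is refused only because its role name no longer exists in the schema.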