Skip to content

Revoke tokens on logout #3138

New issue
New issue
Closed
#3149
Closed
Revoke tokens on logout#3138
#3149
Labels
BugAn error, flaw, misbehavior or failure in the Monkey or Monkey Island.Complexity: HighImpact: HighSecurity
Milestone
v2.1.0
@mssalvatore

Description

@mssalvatore
mssalvatore
opened on Mar 23, 2023

Describe the bug

It seems that authentication tokens are not invalidated/revoked on logout (server-side). This could allow a token to be reused after logout.

Tasks

  • Add a function to the AuthenticationService that revokes all of user's tokens and call it from the endpoint (0.75d) - @VakarisZ

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugAn error, flaw, misbehavior or failure in the Monkey or Monkey Island.Complexity: HighImpact: HighSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions