Add ability for inference backend to revoke auth refresh tokens #2175

Merged
merged 10 commits into from
Mar 25, 2023

Collaborator

@olliestanley olliestanley commented Mar 22, 2023

An admin endpoint is provided to revoke all refresh tokens for a given user ID. This is achieved by storing hashed refresh tokens in a backend DB table.
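
The approach described above, as an added sketch that is not the code from this pull request: only a SHA-256 digest of each refresh token is stored, and revocation disables every row for a user ID. The table layout, the function names and the use of opaque random tokens with SQLite are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
from typing import Optional

# Hypothetical schema: the table used by the PR is not shown on this page.
SCHEMA = """
CREATE TABLE refresh_token (
    token_hash TEXT PRIMARY KEY,
    user_id    TEXT NOT NULL,
    enabled    INTEGER NOT NULL DEFAULT 1
)"""


def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def hash_token(token: str) -> str:
    # Only the digest is persisted, so a dump of the table does not
    # hand out usable refresh tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_refresh_token(db: sqlite3.Connection, user_id: str) -> str:
    token = secrets.token_urlsafe(32)  # high-entropy opaque token (assumed format)
    db.execute(
        "INSERT INTO refresh_token (token_hash, user_id) VALUES (?, ?)",
        (hash_token(token), user_id),
    )
    return token  # handed to the client once, never stored in clear


def user_for_refresh_token(db: sqlite3.Connection, token: str) -> Optional[str]:
    # A refresh is honoured only if the digest is known and still enabled.
    row = db.execute(
        "SELECT user_id FROM refresh_token WHERE token_hash = ? AND enabled = 1",
        (hash_token(token),),
    ).fetchone()
    return row[0] if row else None


def revoke_all_for_user(db: sqlite3.Connection, user_id: str) -> int:
    # What the admin endpoint would call: disable every live token of one user.
    cur = db.execute(
        "UPDATE refresh_token SET enabled = 0 WHERE user_id = ? AND enabled = 1",
        (user_id,),
    )
    return cur.rowcount  # number of tokens revoked
```

Access tokens already issued stay valid until they expire; revocation here only stops new ones from being minted.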

@olliestanley olliestanley marked this pull request as ready for review March 24, 2023 13:06
@AbdBarho
Collaborator

quick question, where would we need this functionality? for malicious actors? when the user logs out?

@olliestanley
Collaborator Author

olliestanley commented Mar 24, 2023

> quick question, where would we need this functionality? for malicious actors? when the user logs out?

I don't know if we strictly need it, but it's a common practice. As refresh tokens are much longer-lived compared to access tokens, if one were compromised it potentially gives the attacker a long window, so it might be useful to have this ability in place in case it's ever required for that use case

@olliestanley
Collaborator Author

olliestanley commented Mar 25, 2023

I think this is ready to merge now - tested locally with text client - but will wait for @yk review

Collaborator

@yk yk left a comment

thank you
