New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JWT authentication improvements #206

tusmester opened this Issue Nov 15, 2017 · 0 comments


None yet
3 participants

tusmester commented Nov 15, 2017

Current features

  • sign it with username/password
  • receive an access and refresh token
  • logout from the current client

New features

  • destroy session on logout (always)
  • check login extender and audit log: they should work with JWT the same way as with forms auth
  • logout api extension: optionally log out from all devices
  • password change: forcefully log out from everywhere (no config needed)

Acceptance criterias:

  • Session object does not exist after logout
  • Login extender and Audit log are called upon JWT login
  • User content type has a LastLoggedOut Datetime field that refreshes on ultimate logout
  • Both token and odata logout have a parameter that tells if it is an ultimate logout
  • User CTD has a patch for the new field
  • Tested on internal dev server.
  • Unit tests actualized
  • Documentation
    • new optional logout parameter
    • configuration for default behaviour

@iviczl iviczl added this to the Sprint 150 milestone Jan 15, 2018

@iviczl iviczl removed the discussion label Jan 15, 2018

@iviczl iviczl assigned kavics and tusmester and unassigned iviczl Jan 23, 2018

@tusmester tusmester modified the milestones: Sprint 150, Sprint 151 Jan 24, 2018

@tusmester tusmester assigned iviczl and unassigned tusmester Jan 31, 2018

@tusmester tusmester closed this Feb 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment