Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token Revocation #7

Closed
joestubbs opened this issue Sep 30, 2021 · 2 comments
Closed

Token Revocation #7

joestubbs opened this issue Sep 30, 2021 · 2 comments
Assignees
@joestubbs
Labels
1.3 release
Milestone
1.1 release

Comments

@joestubbs
Copy link
Contributor

In order to support long-lived tokens and for other reasons, we want to be able to revoke or invalidate individual JWTs. One approach to the implementation is to have a new endpoint,
DELETE /v3/tokens/
which would add the token to a persistent data store of "revoked tokens". This in turn could be implemented with a fast in-memory system like Redis, and the row representing a revoked token could be set to expire whenever the token itself expired (because if the token is expired it won't pass validation anyway). This will prevent the table from becoming too big over time.

Since services are responsible for validating tokens directly, it might be ideal to put the check to see if a token has been revoked in the nginx layer. This would prevent every service from having to implement the check. There seems to be some support in nginx for validating JWT, see https://www.nginx.com/blog/validating-oauth-2-0-access-tokens-nginx/
@joestubbs joestubbs mentioned this issue Sep 30, 2021
Closed
@joestubbs joestubbs self-assigned this Oct 7, 2021
@joestubbs
Copy link
Contributor Author

Initial design document completed: https://confluence.tacc.utexas.edu/display/CIC/Token+Revocation

@Vera-b Vera-b added the 1.1 release Part of 1.1 release label Nov 23, 2021
@joestubbs joestubbs added this to the 1.1 release milestone Nov 30, 2021
@Vera-b Vera-b removed the 1.1 release Part of 1.1 release label Nov 30, 2021
@Vera-b Vera-b added the 1.2 release 1.2 V3 release label Apr 20, 2022
@joestubbs joestubbs added 1.3 release and removed 1.2 release 1.2 V3 release labels Jul 15, 2022
joestubbs added a commit that referenced this issue Aug 25, 2022
@joestubbs
This commit adds support for token revocation (see #7). It also updat…
3239932 
…es authenticator to the latest flaskbase image., including pyjwt v2.
@joestubbs
Copy link
Contributor Author

released with 1.2.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joestubbs joestubbs

Labels
1.3 release
Projects
None yet
Milestone
1.1 release
Development

No branches or pull requests
2 participants
@joestubbs @Vera-b