Skip to content

Provide a mechanism to deauth users #43

New issue
New issue
Open
Open
Provide a mechanism to deauth users#43
Labels
priority: lowtype: enhancementnew feature or requesttype: new featureA new featuretype: securityIssue related to Security
@caspiano

Description

@caspiano
caspiano
opened on Nov 23, 2021

Is your feature request related to a problem? Please describe.

It should be possible for an admin to deauthenticate an individual user or a set of users.

Describe the solution you'd like

Provide an option visible to admins on a user's page that invalidates any sessions.
Provide an option to invalidate all user sessions via the admin page.

Additional context

This could be achieved on a user level by keeping the user's id in redis with the time of invalidation.
Incoming JWTs to services will require a quick check of the token's user id, and a comparison of the creation time and time of invalidation

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority: lowtype: enhancementnew feature or requesttype: new featureA new featuretype: securityIssue related to Security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions