We currently accept any valid JWT token as a database password, which doesn't leave us a way to invalidate an individual token without changing the secret key and invalidating all of them.

To do this we'll need:

- To add a really simple postgres table containing usernames to be denied access. This can probably just be a one-column table (plus an index) that we edit manually given the rarity of needing to revoke access. Define the table in `app/models/data.py` and create a migration.
- `@jwt.token_in_blacklist_loader`, to check if the token's identity matches a blocklisted username.

By all means shout in my general direction if this is unclear or there are any questions.
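The revocation check sketched in this issue, as an added example that is not the project's own code: a one-column deny table plus the callback that `@jwt.token_in_blacklist_loader` expects. It assumes the Flask-JWT-Extended 3.x callback signature (decoded token dict in, `True` means revoked, identity under the `identity` claim) and uses sqlite3 in place of Postgres so it runs offline; the table and column names `denied_users`/`username` are assumed.

```python
import sqlite3


def open_deny_list(path=":memory:"):
    """Create the deny table: one column plus an index, edited by hand."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS denied_users (username TEXT NOT NULL)")
    conn.execute(
        "CREATE UNIQUE INDEX IF NOT EXISTS denied_users_username_idx "
        "ON denied_users (username)"
    )
    return conn


def deny_user(conn, username):
    conn.execute("INSERT OR IGNORE INTO denied_users (username) VALUES (?)", (username,))
    conn.commit()


def is_denied(conn, username):
    row = conn.execute("SELECT 1 FROM denied_users WHERE username = ?", (username,)).fetchone()
    return row is not None


def make_revocation_check(conn):
    """Build the callback for jwt.token_in_blacklist_loader (3.x signature)."""
    def token_is_revoked(decoded_token):
        # 3.x puts the identity under the 'identity' claim by default (assumed).
        identity = decoded_token.get("identity")
        if not isinstance(identity, str):
            return True  # no usable identity: fail closed and reject the token
        return is_denied(conn, identity)
    return token_is_revoked


def register_revocation_check(jwt, conn):
    """Attach the check to a JWTManager. In 3.x the app config also needs
    JWT_BLACKLIST_ENABLED = True, otherwise the loader is never consulted."""
    return jwt.token_in_blacklist_loader(make_revocation_check(conn))


def demo():
    conn = open_deny_list()
    deny_user(conn, "mallory")
    check = make_revocation_check(conn)
    # Constructed decoded-token payloads shaped like Flask-JWT-Extended 3.x output.
    return {
        "alice": check({"identity": "alice", "type": "access", "jti": "x1"}),
        "mallory": check({"identity": "mallory", "type": "access", "jti": "x2"}),
        "missing": check({"type": "access", "jti": "x3"}),
    }


if __name__ == "__main__":
    print(demo())
```

Because the check keys on identity rather than `jti`, adding a row revokes every token that user holds, which is exactly the per-user cutoff the issue asks for without rotating the secret key.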