Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support API token blacklisting and add API /logout endpoint #3933

Closed
redshiftzero opened this issue Nov 15, 2018 · 0 comments · Fixed by #4349
Closed

Support API token blacklisting and add API /logout endpoint #3933

redshiftzero opened this issue Nov 15, 2018 · 0 comments · Fixed by #4349
Labels
api security

Comments

@redshiftzero
Copy link
Contributor

Description

We should:

  • store a table of blacklisted API tokens server-side
  • add a /logout endpoint to add API tokens to the blacklist
  • ensure that tokens used to access token_required endpoints are not in the blacklist, else we 403
@redshiftzero redshiftzero mentioned this issue Nov 15, 2018
Closed
@eloquence eloquence changed the title API token blacklisting Support API token blacklisting and add API /logout endpoint Jan 11, 2019
@eloquence eloquence added the api label Jan 11, 2019
This was referenced Jan 11, 2019
Closed
Closed
@eloquence eloquence removed this from the Long Term Product Backlog milestone Mar 28, 2019
@heartsucker heartsucker mentioned this issue Apr 16, 2019
Merged
1 task
@redshiftzero redshiftzero mentioned this issue Jun 4, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Logout to revoke tokens freedomofpress/securedrop
2 participants
@eloquence @redshiftzero