Skip to content

Provide a mechanism to deauth users #43

Description

@caspiano

Is your feature request related to a problem? Please describe.

It should be possible for an admin to deauthenticate an individual user or a set of users.

Describe the solution you'd like

Provide an option visible to admins on a user's page that invalidates any sessions.
Provide an option to invalidate all user sessions via the admin page.

Additional context

This could be achieved on a user level by keeping the user's id in redis with the time of invalidation.
Incoming JWTs to services will require a quick check of the token's user id, and a comparison of the creation time and time of invalidation

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions