Skip to content
This repository has been archived by the owner on Jul 28, 2023. It is now read-only.

Invalidate JWT if member removed from team? #98

Open
davco01a opened this issue Dec 4, 2019 · 3 comments
Open

Invalidate JWT if member removed from team? #98

davco01a opened this issue Dec 4, 2019 · 3 comments

Comments

@davco01a
Copy link
Contributor

davco01a commented Dec 4, 2019

Invalidate JWT if member removed from team?
@davco01a
Copy link
Contributor Author

davco01a commented Dec 4, 2019 

David Cohen 4:02 PM
do you think your code dynamically invalidates the JWT if someone gets removed from a GIT team
Bruce Tiffany 4:14 PM
no, they’ll have access until the jwt expires.
David Cohen 4:14 PM
ah OK, thanks
Bruce Tiffany 4:14 PM
yw
David Cohen 4:18 PM
Probably going to open an issue about this, but not urgent
since everything is in a state of flux right now
not sure how the CLI is going to fit in, there are a lot of changes coming in collections moving forward (edited) 
Seems like checking the git team and member access every call might be a performance drag

@davco01a
Copy link
Contributor Author

davco01a commented Jan 8, 2020

talk to @brutif

@davco01a
Copy link
Contributor Author

Difficult to implement, will circle back to Security team

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@davco01a