[UAS] Verify the JWT Token Has Not Been Revoked #10

Open
andrewdimmer opened this issue Mar 2, 2021 · 0 comments
Labels: API (For work on the API); bug (Something isn't working); unallocated (Currently not allocated to someone to work on); Unified Authentication System (UAS) (For all work pertaining to the Unified Authentication System (UAS))

Comments

@andrewdimmer
Contributor

Describe the bug
The basic functionality provided by the Firebase Admin library does not verify that the token has not been revoked. This needs to be implemented separately (see https://firebase.google.com/docs/auth/admin/manage-sessions).

Expected behavior
The UAS system should validate that the token provided to it is still valid, and treat the user as PUBLIC if it is not.

andrewdimmer added the bug, Unified Authentication System (UAS) and API labels Mar 2, 2021
andrewdimmer changed the title from "UAS: Verify the JWT Token Has Not Been Revoked" to "[UAS] Verify the JWT Token Has Not Been Revoked" Mar 2, 2021
andrewdimmer added the unallocated label Mar 2, 2021
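
The behaviour requested in this issue, as an added example that is not code from this repository: verify with the revocation check enabled and fall back to PUBLIC on any failure. It assumes the API uses the Firebase Admin Node.js SDK, whose `verifyIdToken(idToken, checkRevoked)` signature, `auth/id-token-revoked` error code, `auth_time` claim and `tokensValidAfterTime` field are real; `resolveUser`, the `AUTHENTICATED` role, `makeStubAuth` and the sample data are hypothetical and constructed.

```javascript
// Added example. Hypothetical names: resolveUser, AUTHENTICATED, makeStubAuth.
const PUBLIC = { role: "PUBLIC", uid: null };

// The revocation test itself: a token is stale when its auth_time (seconds)
// predates the user's tokensValidAfterTime (UTC date string, set on revoke).
function issuedBeforeRevocation(decoded, tokensValidAfterTime) {
  if (!tokensValidAfterTime) return false; // tokens were never revoked
  return decoded.auth_time * 1000 < Date.parse(tokensValidAfterTime);
}

// `auth` is anything exposing verifyIdToken(idToken, checkRevoked),
// e.g. admin.auth() from firebase-admin (assumed to be what the API uses).
async function resolveUser(auth, idToken) {
  if (typeof idToken !== "string" || idToken === "") return PUBLIC;
  try {
    // Second argument true = also reject tokens issued before a revocation.
    const decoded = await auth.verifyIdToken(idToken, true);
    return { role: "AUTHENTICATED", uid: decoded.uid };
  } catch (err) {
    // Revoked, expired, malformed or lookup failure: fail closed to PUBLIC.
    // "unknown" is a local fallback label, not an SDK error code.
    return { ...PUBLIC, reason: err.code || "unknown" };
  }
}

// Constructed stand-in for the SDK so the example runs offline.
function makeStubAuth(tokens, validAfterByUid) {
  const fail = (code) => Object.assign(new Error(code), { code });
  return {
    async verifyIdToken(idToken, checkRevoked = false) {
      const decoded = tokens[idToken];
      if (!decoded) throw fail("auth/argument-error");
      if (checkRevoked &&
          issuedBeforeRevocation(decoded, validAfterByUid[decoded.uid])) {
        throw fail("auth/id-token-revoked");
      }
      return decoded;
    },
  };
}

// Constructed sample data: u1's sessions were revoked at 2021-03-02 00:00 UTC.
const sampleAuth = makeStubAuth(
  { old: { uid: "u1", auth_time: 1614600000 },
    fresh: { uid: "u1", auth_time: 1614700000 } },
  { u1: "Tue, 02 Mar 2021 00:00:00 GMT" }
);
```

With the stub, `sampleAuth.verifyIdToken("old")` still resolves when the second argument is omitted, which is the gap the issue describes; `resolveUser(sampleAuth, "old")` returns the PUBLIC result with reason `auth/id-token-revoked`.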