Uploaded image for project: 'mod-authtoken'
  1. mod-authtoken
  2. MODAT-56

validate user deactivation when checking access token

    XMLWordPrintable

Details

    • CP: sprint 77
    • 3
    • Core: Platform

    Description

      This is one of the proposed solutions to UIU-1324 (the other being implementing support for refresh tokens in the UI/Stripes).

      The idea is to validate user deactivation (and potentially other user properties, e.g expiration or removal) at the time the token is checked in mod-authtoken. This would be similar to how permissions are enforced.

      The benefit of this approach is that it can be introduced transparently to the FOLIO UI and other clients (e.g edge modules).

      The disadvantage is that it would impose additional performance penalty on the auth check operation – to limit this penalty we would need to cache the user record between auth checks.

      TestRail: Results

        Attachments

          Issue Links

            blocks

            Bug - A problem which impairs or prevents the functions of the product. UIU-1324 Users that are deleted or deactivated can stay logged in in folio until their token expires (=for a VERY long time)

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            relates to

            New Feature - New feature requests FOLIO-1233 Implement refresh tokens

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. FOLIO-2366 The folio-testing-backend builds fail, missing dependency mod-authtoken requires users

            • TBD - To be determined
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. MODAT-58 Do NOT check user for dummy token

            • TBD - To be determined
            • Closed

            New Feature - New feature requests MODLOGSAML-92 SSO Logout does not destroy SAML session

            • TBD - To be determined
            • Closed

            New Feature - New feature requests MODLOGSAML-94 Provide SLO (Single Log Out) endpoint to be called by SSO IdP

            • TBD - To be determined
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. STCOR-532 Logout from FOLIO, keep SSO login

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            Activity

              People

                hji Hongwei Ji
                jakub Jakub Skoczen
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases