Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: Authentication, Registration, Users & Roles
Labels:
- RFE
- committed
- exception
- team-triaged

Epic Name:
Invalidating JWT for global registration
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
PM Score:
2,075
Hierarchy Progress Bar:

71% To Do, 14% In Progress, 14% Done
Release Note Text:
Undefined
Satellite Team:

Rocket
Release Note Status:
Proposed
Target Version:

6.17.0

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Priority Data:
PX Impact Score:

Description

Currently, once a JWT is issued for global registration, there is no clear mechanism for invalidating the token if it becomes compromised or if it is no longer needed. This can potentially expose the system to security vulnerabilities and misuse. We need to implement invalidating JWT tokens manually.

Scope

The users with the “Edit Users” permissions can invalidate ALL JWT token for other users.

A user can invalidate self's token
Conventionally, Admin can invalidate self’s and other users tokens

Out of the scope

Managing JWTs and storing them in the database.
Invalidate one/few JWT(s) of a single/all user(s).
View JWT for user as it is not stored or managed.

Refinement Doc: https://docs.google.com/document/d/1B8oiswj7Fl8FqSSsD6pZhLQ0Ky5D6S6acHuIrrQ6mZ8/edit

is depended on by

SAT-2340 [RFE] Global Registration: Allow invalidating all JWT registration tokens for a user

In Progress

links to

Community post

Assignee:: Girija Soni

Reporter:: Kenny Tordeurs

Reviewer:: Nofar Alfassi

QA Contact:: Shweta Singh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/08/21 1:21 PM

Updated:: 2024/11/05 1:07 PM

Details

Description

Description

Scope

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates