djangorestframework-simplejwt icon indicating copy to clipboard operation
djangorestframework-simplejwt copied to clipboard

Published 20 hours ago verified publisher icon jazzband

Harden revoke access token for password changes

Open sevdog opened this issue 2 years ago • 1 comments

This is an enhancement of #719 which:

  • uses django built-in cryptogaphic methods
  • uses the same logic used for session in django (see source)
  • align with the usage of SECRET_KEY_FALLBACKS settings (introduced in v4.1)

It also cleans up a bit the authentication tests: there is no need to replicate every logic of test_get_user in test_get_user_with_check_revoke_token.

sevdog avatar Aug 23 '23 08:08 sevdog

I need this feature. When can it be merged and release?

kosuke-zhang avatar Aug 26 '24 17:08 kosuke-zhang