
bug: When middleware enabled, user is still authenticated after JWT has been revoked

Open jonathanrich1986 opened this issue 9 months ago • 1 comments

Bug Report

Plugin Version

3.5.5

PHP Version

8.1.23

WordPress Version

6.5.3

Bug description

I have the setting "All WordPress endpoints checks for JWT authentication" enabled. However, when I revoke a JWT, the user is still getting set as the current user for a request. I have checked that the token is definitely revoked using the validate endpoint. I would expect the response to return 401 if the token has been revoked.

jonathanrich1986 • May 08 '24 13:05

Hi @jonathanrich1986,

Thanks for reporting this bug.

The issue is fixed now. You can download the plugin with the fix from https://simplejwtlogin.com.

I will do a release soon to include this change. :rocket:

Best Regards, Nicu.

nicumicle • May 09 '24 08:05

@nicumicle Thanks, this works now.

jonathanrich1986 • May 15 '24 15:05
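
The failure mode reported in this issue, as an added example that is not the plugin's code or the fix the maintainer shipped: the validate endpoint and the all-endpoints middleware share one validation routine that includes the revocation check, so a revoked token yields 401 on both paths. The function names, the in-memory revocation list, the anonymous-request behaviour and the sample secret are assumptions made for the illustration.

```php
<?php
// Added illustration; not Simple JWT Login's code. All names are hypothetical.
declare(strict_types=1);

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function issue_token(array $claims, string $secret): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Single validation routine: signature, expiry AND revocation.
// Returns the claims, or null if the token must be rejected.
function validate_token(string $jwt, string $secret, array $revoked): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) return null;
    $claims = json_decode((string) base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) return null;
    if (in_array($jwt, $revoked, true)) return null; // the check the middleware path must not skip
    return $claims;
}

// Middleware for every endpoint: a presented token that fails validation
// yields 401 instead of falling through with a user set.
function middleware(?string $authHeader, string $secret, array $revoked): array {
    if ($authHeader === null) return ['status' => 200, 'user' => null]; // assumption: no token means anonymous
    if (!preg_match('/^Bearer\s+(\S+)$/', $authHeader, $m)) return ['status' => 401, 'user' => null];
    $claims = validate_token($m[1], $secret, $revoked);
    return $claims === null
        ? ['status' => 401, 'user' => null]
        : ['status' => 200, 'user' => $claims['sub'] ?? null];
}

// Constructed sample data.
$secret  = 'constructed-demo-secret';
$token   = issue_token(['sub' => 42, 'exp' => time() + 300], $secret);
$revoked = [];
var_dump(middleware("Bearer $token", $secret, $revoked)['status']); // before revocation
$revoked[] = $token;
var_dump(middleware("Bearer $token", $secret, $revoked)['status']); // after revocation
```

A regression test for this class of bug replays the same request against the middleware path before and after revocation, rather than only calling the validate endpoint.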