Describe the bug
After setting revocation by calling revoke-all, I can't sign in anymore.
To Reproduce
Steps to reproduce the behavior:
1. Post a request to revoke-all
2. Sign out and sign in
Expected behavior
All existing auth tokens cannot be used anymore. A new auth token should be able to work.
Additional context
There is no iat in the auth token, but in authentication.ts:302, if there is an oldestValidTokenTimestamp, iat is required in the token. So every auth token will be invalid.
It's already correct that iat should not be in the auth token, as the token can be created again and again by an app, i.e. if a request fails, @stacks/storage will try again with a new auth token.
If there is iat in an auth token, revocation will be useless, i.e. an app just creates a new auth token with a newer timestamp for iat.
iat should be in an association token, which it already is. With this, the user needs to sign out and sign in again with a new association token.
So in authentication.ts, checking for revocations should not be in isAuthenticationValid (lines 301-316), but should be in checkAssociationToken instead.
PS. I know you all are busy. I'm just leaving a message here: revoke can't be used right now, or the data in that account won't be accessible again. 😭
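
The mismatch described in this report, as an added TypeScript sketch that is not part of the original issue and is not the project's code: it compares a revocation check keyed on the auth token's iat with one keyed on the association token's iat. Only iat and oldestValidTokenTimestamp are taken from the issue; the types, function names, sample timestamps, and the assumption that every auth token carries an association token are hypothetical.

```typescript
// Added sketch: a simplified model of the revocation check in this report.
// Payloads are shown already decoded and signature checks are left out.
// Only iat and oldestValidTokenTimestamp come from the issue; every other
// name is hypothetical, as is the assumption that each auth token carries
// an association token.

interface AssociationPayload { iat: number }   // issued once, at sign-in
interface AuthPayload {                        // minted by the app per request
  iat?: number;
  association: AssociationPayload;
}
type Verdict = "ok" | "rejected";
type Row = { reported: Verdict; proposed: Verdict };

// Reported behaviour: once a revocation timestamp is set, the auth token
// itself must carry an iat that is not older than that timestamp.
function checkOnAuthToken(auth: AuthPayload, oldestValidTokenTimestamp?: number): Verdict {
  if (oldestValidTokenTimestamp === undefined) return "ok";
  if (auth.iat === undefined) return "rejected";
  return auth.iat >= oldestValidTokenTimestamp ? "ok" : "rejected";
}

// Proposed behaviour: compare the timestamp with the association token's iat.
function checkOnAssociationToken(auth: AuthPayload, oldestValidTokenTimestamp?: number): Verdict {
  if (oldestValidTokenTimestamp === undefined) return "ok";
  return auth.association.iat >= oldestValidTokenTimestamp ? "ok" : "rejected";
}

// Constructed sample values (seconds since the epoch).
const REVOKED_AT = 1700000000;
const SAMPLES: Array<[string, AuthPayload]> = [
  // signed in before revoke-all; auth token has no iat
  ["staleSession", { association: { iat: REVOKED_AT - 3600 } }],
  // signed in again after revoke-all; auth token still has no iat
  ["freshSession", { association: { iat: REVOKED_AT + 60 } }],
  // old sign-in, but the app stamps a new iat on the auth token it mints
  ["selfStamped", { iat: REVOKED_AT + 120, association: { iat: REVOKED_AT - 3600 } }],
];

function runScenarios(): Record<string, Row> {
  const out: Record<string, Row> = {};
  for (const [name, auth] of SAMPLES) {
    out[name] = {
      reported: checkOnAuthToken(auth, REVOKED_AT),
      proposed: checkOnAssociationToken(auth, REVOKED_AT),
    };
  }
  return out;
}

console.log(runScenarios());
```

In this model the reported check locks out the fresh sign-in and accepts the self-stamped token, while the association-token check rejects both tokens tied to the old sign-in and accepts the new one.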