Expected Behavior
After logging in using access credentials, the user is able to perform an explicit log-out.
This should invalidate the JWT token such that no other API operations are possible.
Current Behavior
After logout the user can still perform arbitrary API operations using its token. Hence, the token is not invalidated.
Possible Solution
Console should issue a delete for the session token to MinIO when the user logs out.
Steps to Reproduce (for bugs)
1. Log in to the web UI
2. Copy the JWT token - e.g. via the developer console
3. Issue a curl request (e.g. S3 GET) using the token
Context
Security
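The gap reported above, shown as an added example that is not part of the original issue and is not MinIO or Console code: a check that looks only at signature and expiry keeps accepting a token after logout, while a check backed by a server-side revocation record refuses it. The `user.expiry.mac` token format, the function names and the in-memory store are assumptions made for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
	"sync"
	"time"
)

var key = []byte("constructed-demo-key") // constructed sample signing key
var revoked sync.Map                     // tokens invalidated by Logout

func mac(payload string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(payload))
	return fmt.Sprintf("%x", h.Sum(nil))
}

// Issue returns "user.expiry.mac", a simplified stand-in for a signed JWT.
func Issue(user string, exp time.Time) string {
	p := user + "." + strconv.FormatInt(exp.Unix(), 10)
	return p + "." + mac(p)
}

// VerifyStateless checks only signature and expiry, so a logout cannot affect it.
func VerifyStateless(tok string, now time.Time) bool {
	f := strings.Split(tok, ".")
	if len(f) != 3 || !hmac.Equal([]byte(mac(f[0]+"."+f[1])), []byte(f[2])) {
		return false
	}
	exp, err := strconv.ParseInt(f[1], 10, 64)
	return err == nil && now.Unix() < exp
}

// Logout records the token server-side so that Verify refuses it before expiry.
func Logout(tok string) { revoked.Store(tok, true) }

func Verify(tok string, now time.Time) bool {
	_, gone := revoked.Load(tok)
	return !gone && VerifyStateless(tok, now) // signed, unexpired, not logged out
}

func main() {
	tok := Issue("alice", time.Now().Add(time.Hour))
	Logout(tok)
	fmt.Println(VerifyStateless(tok, time.Now()), Verify(tok, time.Now()))
}
```

A revocation entry only needs to be kept until the token's own expiry, and a deployment with more than one server node needs the store shared between nodes.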