Comment 6 for bug 1041396

Dolph Mathews (dolph) wrote : Re: Token validation includes revoked roles

"Granting and revoking roles from a user is not reflected upon token validation for pre-existing tokens. Pre-existing tokens continue to be valid for the original set of roles for the remainder of the token's lifespan, or until explicitly invalidated."

The proposed patch invalidates all tokens held by a user upon role grant/revoke to circumvent the issue.
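
A minimal model of the behaviour described in this comment, added here as an illustration; it is not the project's code or the proposed patch. The `IdentityService` class, its methods, and the user and role names are assumptions made for the example.

```python
import secrets
import time


class IdentityService:
    """Toy model (hypothetical): tokens carry a role snapshot taken at issue time."""

    def __init__(self, invalidate_on_role_change, ttl=3600):
        self.invalidate_on_role_change = invalidate_on_role_change
        self.ttl = ttl
        self.roles = {}   # user -> set of roles currently assigned
        self.tokens = {}  # token id -> (user, role snapshot, expiry time)

    def issue_token(self, user):
        token_id = secrets.token_hex(16)
        snapshot = frozenset(self.roles.get(user, set()))
        self.tokens[token_id] = (user, snapshot, time.time() + self.ttl)
        return token_id

    def validate(self, token_id):
        """Return the roles the token is valid for, or None if invalid or expired."""
        entry = self.tokens.get(token_id)
        if entry is None or entry[2] <= time.time():
            self.tokens.pop(token_id, None)
            return None
        return entry[1]  # roles as of issue time, not the current assignment

    def _role_changed(self, user):
        # The mitigation from the comment: drop every token held by the user.
        if self.invalidate_on_role_change:
            for tid in [t for t, e in self.tokens.items() if e[0] == user]:
                del self.tokens[tid]

    def grant_role(self, user, role):
        self.roles.setdefault(user, set()).add(role)
        self._role_changed(user)

    def revoke_role(self, user, role):
        self.roles.get(user, set()).discard(role)
        self._role_changed(user)


def roles_after_revoke(invalidate_on_role_change):
    """Return (roles seen via the pre-existing token, roles seen via a fresh token)."""
    svc = IdentityService(invalidate_on_role_change)
    svc.grant_role("alice", "admin")   # constructed sample user and roles
    svc.grant_role("alice", "member")
    old_token = svc.issue_token("alice")
    svc.revoke_role("alice", "admin")
    return svc.validate(old_token), svc.validate(svc.issue_token("alice"))
```

With `invalidate_on_role_change=False` the pre-existing token still validates with the revoked role; with `True` it no longer validates and the user must obtain a new token that reflects the current roles.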