Invalidate token on password change

Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API

GNU General Public License v2.0

546 stars 160 forks source link

Invalidate token on password change #262

Open bclaim opened 1 year ago

bclaim commented 1 year ago

Hello,

Currently, when a user changes their password, the token is not invalidated. This could be a security issue, especially during these times. I noticed there is a similar thread mentioning this which has gone off-topic, so I am creating a new issue which will hopefully stay on-topic. Is there a chance this could be implemented with priority?

Thank you.

pesseba commented 1 year ago

This feature is present in this another plugin: https://wordpress.org/plugins/jwt-auth/

bclaim commented 1 year ago

We would appreciate if @Tmeister could provide their input as this issue concerns this plugin and to also keep this post on-topic.