adsviewer / turboviewer

A bunch of cool stuff for viewing, optimizing and growing your digital ad portfolio.
https://app.adsviewer.io
MIT License

Invited User can create organization after being removed. #344

Closed dennislobster closed 2 months ago

dennislobster commented 2 months ago

I was able to invite dennis.kreeft@faire.com to my org (parent: dennis.kreeft@hotmail.com) and did the following:

trixobird commented 2 months ago

We are using JWT for authorization/authentication. This means when we remove a user from an org, the user's token is intact; therefore they will have all the access that they used to have. This will last 5' at most; this token will expire, and after the refresh they won't have access to that org any more.
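The window described in the comment above, and one way to close it, as an added example that is not part of the thread or the project's code. It assumes an HS256 token with an `orgs` claim and a 5-minute lifetime; the secret, claim names, function names and the in-memory `removedAt` map are all hypothetical.

```javascript
// Added example: secret, claim layout and helper names are constructed for illustration.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // placeholder, not a real key
const TTL_SECONDS = 5 * 60;               // the 5-minute lifetime from the comment

const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Issue an HS256 token carrying the org memberships known at issue time.
function issueToken(userId, orgIds, now) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, orgs: orgIds, iat: now, exp: now + TTL_SECONDS }));
  return `${header}.${body}.${b64u(mac(`${header}.${body}`))}`;
}

// Signature and expiry check only: this is all a stateless verifier sees.
function verifyToken(token, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = mac(`${header}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Server-side record of removals: "userId:orgId" -> removal time (seconds).
const removedAt = new Map();
function removeFromOrg(userId, orgId, now) { removedAt.set(`${userId}:${orgId}`, now); }

// Stateless decision: trusts the membership claim until the token expires.
function canAccessStateless(token, orgId, now) {
  const claims = verifyToken(token, now);
  return !!claims && claims.orgs.includes(orgId);
}

// Hardened decision: also rejects tokens issued at or before the removal.
function canAccessChecked(token, orgId, now) {
  const claims = verifyToken(token, now);
  if (!claims || !claims.orgs.includes(orgId)) return false;
  const removed = removedAt.get(`${claims.sub}:${orgId}`);
  return removed === undefined || claims.iat > removed;
}
```

Entries in `removedAt` only need to be kept for one token lifetime, since any token issued before the removal has expired by then.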