Closed BrennanPaciorek closed 1 month ago
I have made more substantial changes since this was approved. @AlanCoding Can you review the changes in this commit in particular?
That commit makes some changes to make sure that we don't add any roles via JWT auth which cannot be removed via JWT auth. It should be the last change to the application code I make before merging this.
Issues
1 New issue
0 Accepted issues
Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code
Every time a user authenticates with JWT, all user role assignments unlisted in the decrypted JWT are removed from the database.
AAP-25531