Open claudusd opened 2 years ago
I have a question about disabling a user and introspecting his token.
First I generate a token for my user:
```bash
curl -s -u "$CLIENT_ID:$CLIENT_SECRET" \
  --data-urlencode "username=claudusd" \
  --data-urlencode "password=Azerty@123456" \
  --data-urlencode "scope=openid" \
  --data-urlencode "grant_type=password" \
  -H "Content-Type:application/x-www-form-urlencoded" \
  "$URL/$DOMAIN/oauth/token"
```
After that I disable my user:
```bash
curl -X PUT \
  -H "authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"enabled": false}' \
  "$URL/management/organizations/DEFAULT/environments/DEFAULT/domains/03cbe712-145f-4cc2-8be7-12145f0cc21c/users/783466fd-4cdd-45b3-b466-fd4cdd35b324/status"
```
And finally I introspect my token:
```bash
curl --http1.1 \
  -H "Authorization: Basic $BASIC" \
  --data-urlencode "token=$JWT" \
  -H "Accept: application/json" \
  "$URL/$DOMAIN/oauth/introspect"
```
I have this result:
```json
{
  "sub" : "783466fd-4cdd-45b3-b466-fd4cdd35b324",
  "identity_id" : "06ec813f-72d8-4e1f-ac81-3f72d8ae1f53",
  "iss" : "https://XXXX/YYYY/oidc",
  "active" : true,
  "token_type" : "bearer",
  "client_id" : "88437dd6-e35d-4f0f-837d-d6e35dbf0ff1",
  "scope" : "openid",
  "domain" : "03cbe712-145f-4cc2-8be7-12145f0cc21c",
  "exp" : 1634233552,
  "iat" : 1634226152,
  "jti" : "Jfgnzl5-AKnGN1EhkOz2JE_Zi6Q7IPVF-NImhIpu49M",
  "username" : "claudusd"
}
```
The introspect attribute `active` is set to `true`.
I expected to have the token introspection result:
```json
{ "active" : false }
```
If I disable a user, the auth is disabled, but the introspection should return `false` too. Am I wrong or not?
Version used: latest graviteeio/am-gateway:3
Thanks,
Hi @claudusd ,
It's actually a good question :). Let me discuss with the team and come back to you.
Have you discussed this?
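
A resource-server-side check for the situation reported above, as an added example that is not part of the original thread or of Gravitee AM: it validates an RFC 7662 introspection response and also rejects tokens whose `sub` is on a locally maintained list of disabled users. The function name `evaluate_token`, the `DISABLED_SUBJECTS` list and the `now` timestamps are assumptions made for illustration.

```python
import json

# Constructed sample: fields taken from the introspection response in the
# report above, for a token whose user was disabled after issuance.
SAMPLE_RESPONSE = json.loads("""
{
  "sub": "783466fd-4cdd-45b3-b466-fd4cdd35b324",
  "active": true,
  "token_type": "bearer",
  "client_id": "88437dd6-e35d-4f0f-837d-d6e35dbf0ff1",
  "scope": "openid",
  "exp": 1634233552,
  "iat": 1634226152,
  "username": "claudusd"
}
""")

# Hypothetical local deny-list of disabled user ids, fed by whatever
# process disables accounts (an assumption, not a Gravitee AM feature).
DISABLED_SUBJECTS = {"783466fd-4cdd-45b3-b466-fd4cdd35b324"}


def evaluate_token(resp, required_scope, now, disabled_subjects=frozenset()):
    """Return (accepted, reason) for an RFC 7662 introspection response."""
    # `active` must be the JSON boolean true; a missing field or the
    # string "true" is treated as inactive.
    if resp.get("active") is not True:
        return False, "inactive"
    # Re-check expiry locally instead of trusting `active` alone.
    exp = resp.get("exp")
    if isinstance(exp, (int, float)) and now >= exp:
        return False, "expired"
    # `scope` is a space-separated string in RFC 7662 responses.
    if required_scope not in str(resp.get("scope", "")).split():
        return False, "missing_scope"
    # Compensating control for the gap in the report: the token is still
    # reported active, so the user's status is checked separately.
    if resp.get("sub") in disabled_subjects:
        return False, "subject_disabled"
    return True, "ok"


if __name__ == "__main__":
    now = 1634226200  # constructed: shortly after "iat" in the sample
    print(evaluate_token(SAMPLE_RESPONSE, "openid", now))
    print(evaluate_token(SAMPLE_RESPONSE, "openid", now, DISABLED_SUBJECTS))
```
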