Bug report

The JWT token is not being invalidated

Describe the bug
The request to protected resources must not be allowed when the JWT token is invalidated.
The token invalidation can be done using either of the following ways:
curl -X DELETE '{backend_url}/store/auth' -H 'Authorization: Bearer {access_token}'
client.auth.deleteSession()

System information
Medusa version (including plugins):
Node.js version: v20.11.0
Database: postgres
Operating system: MacOS Ventura
Browser (if relevant): -

Steps to reproduce the behavior
Pre-reqs: Medusa is installed and configured properly with a database.
1. Login into app as customer
curl -X POST '{backend_url}/store/auth' -H 'Content-Type: application/json' --data-raw '{ "email": "user@example.com", "password": "supersecret" }'
2. Logout customer
curl -X DELETE '{backend_url}/store/auth' -H 'Authorization: Bearer {access_token}'
3. Try to retrieve the customer details
curl '{backend_url}/store/auth' -H 'Authorization: Bearer {access_token}'
This should fail as the token was invalidated in step 2.

Expected behavior
As the token is invalidated, the subsequent requests to protected entity must throw 401 error.

Screenshots
NA

Code snippets
NA

Additional context
401 is thrown in one case, i.e., when the Authorization header is not present.
I think it's the intended behavior based on the description property here: https://github.com/medusajs/medusa/blob/v1.20.6/packages/medusa/src/api/routes/admin/auth/delete-session.ts
You'll probably have to handle this one yourself