feat: list active user sessions #232

oleobal commented Aug 14, 2023

Description

Requires Substra/substra-backend#698

Closes FL-1145

How to test

Notes for developers and reviewers:

  • Remember to update CHANGELOG.md before merging, if needed!

Signed-off-by: Olivier Léobal <[email protected]>
linear bot commented Aug 14, 2023

FL-1145 Make sessions visible on the frontend

Context

There are three types of sessions a user can start:

  • Logging in on the frontend: JWT
  • Logging in the SDK via Client.login: implicit bearer token (IBT)
  • Creating an API token in the front: bearer token (BT)

Only BTs are visible to the user via the "API tokens" page.

This is a security anti-pattern: it should be possible for users to see the entire list of active sessions on the frontend, and terminate them if they wish (= a button sends a signal to the backend that the token should be revoked).

Specification

Implementation will differ for JWTs and IBTs.

IBTs: implementation is easy, it's the same as with the regular tokens

JWTs: are they even revokable from the API?

Thought needs to be given to the UI (see David Endico)

Probably make a new page, call it "active sessions" that has both JWTs and IBTs.

Acceptance criteria

Users can see and terminate sessions on the frontend
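
Added illustration of the ticket's point that JWTs and bearer tokens need different handling (not part of this PR and not Substra's code): an opaque IBT or BT is revoked by deleting its server-side record, while a signed JWT only becomes revocable if the server also tracks it, here through a `jti` claim. `SessionStore`, `SECRET` and every method name are hypothetical, and the assumption is that the backend keeps one session record per issued token.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # constructed signing key, example only

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sig(signed):
    return _b64(hmac.new(SECRET, signed.encode(), hashlib.sha256).digest())

class SessionStore:
    """Hypothetical server-side registry for JWT, IBT and BT sessions."""
    def __init__(self):
        self.sessions = {}  # session id -> {"user", "kind", "exp"}
        self.opaque = {}    # sha256(bearer token) -> session id (IBT, BT)

    def _new(self, user, kind, ttl):
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"user": user, "kind": kind, "exp": time.time() + ttl}
        return sid

    def issue_jwt(self, user, ttl=3600):
        sid = self._new(user, "JWT", ttl)  # session id doubles as the jti claim
        claims = {"sub": user, "jti": sid, "exp": int(self.sessions[sid]["exp"])}
        signed = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
        return sid, signed + "." + _sig(signed)

    def issue_bearer(self, user, kind, ttl=3600):
        sid, token = self._new(user, kind, ttl), secrets.token_urlsafe(32)
        self.opaque[hashlib.sha256(token.encode()).hexdigest()] = sid
        return sid, token

    def list_sessions(self, user):
        return sorted((s["kind"], sid) for sid, s in self.sessions.items()
                      if s["user"] == user and s["exp"] > time.time())

    def revoke(self, user, sid):
        owned = self.sessions.get(sid, {}).get("user") == user  # owner only
        return owned and self.sessions.pop(sid, None) is not None

    def authenticate(self, token):
        sid = self.opaque.get(hashlib.sha256(token.encode()).hexdigest())
        if sid is None:  # not an opaque token, so check it as a JWT
            signed, _, sig = token.rpartition(".")
            if not hmac.compare_digest(sig.encode(), _sig(signed).encode()):
                return None
            body = signed.split(".")[1]
            sid = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))["jti"]
        s = self.sessions.get(sid)  # a valid signature alone is not enough
        return s["user"] if s and s["exp"] > time.time() else None
```

The trade-off is that every JWT check now needs a store lookup, which is the price of making a self-contained token terminable before its `exp`.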

oleobal commented Aug 16, 2023

to be reopened one day maybe

@oleobal oleobal closed this Aug 16, 2023
@oleobal oleobal deleted the feat/visible-active-sessions branch August 16, 2023 11:38