Token is not invalidated #7236
Comments
I think it's the intended behavior based on the You'll probably have to handle this one yourself
Bug report
The JWT token is not being invalidated
Describe the bug
Requests to protected resources must not be allowed when the JWT token is invalidated.
The token invalidation can be done in either of the following ways:
curl -X DELETE '{backend_url}/store/auth' -H 'Authorization: Bearer {access_token}'
client.auth.deleteSession()
System information
Medusa version (including plugins):
Node.js version: v20.11.0
Database: postgres
Operating system: MacOS Ventura
Browser (if relevant): -
Steps to reproduce the behavior
Pre-reqs: Medusa is installed and configured properly with a database.
Login into app as customer
Logout customer
Try to retrieve the customer details
This should fail as the token was invalidated in step 2
Expected behavior
As the token is invalidated, the subsequent requests to protected entity must throw 401 error.
Screenshots
NA
Code snippets
NA
Additional context
401 is thrown in one case, i.e., when the Authorization header is not present.
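A signed JWT stays verifiable until its `exp` unless the server keeps revocation state, which is why a logout alone does not produce the 401 this report expects. The sketch below is an added example, not Medusa's code or the reporter's: it shows one way to enforce logout with a server-side denylist keyed on the token's `jti`. The names `issueToken`, `logout`, `authorize`, the in-memory `revoked` map and the secret are hypothetical, constructed for illustration.

```javascript
// Added example: logout-aware JWT (HS256) verification with a jti denylist.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // constructed value, not a real key
const revoked = new Map(); // jti -> exp (seconds); hypothetical in-memory store

const b64u = (v) => Buffer.from(v).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

function issueToken(sub, ttlSec, now = Math.floor(Date.now() / 1000)) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub, jti: crypto.randomUUID(), exp: now + ttlSec }));
  return `${header}.${body}.${mac(`${header}.${body}`).toString("base64url")}`;
}

// Returns the claims if the signature is valid and the token is unexpired, else null.
function verifySignature(token, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[1], "base64url").toString()); } catch { return null; }
  return claims && typeof claims.exp === "number" && claims.exp > now ? claims : null;
}

// Logout: remember the jti until the token would have expired anyway.
function logout(token, now = Math.floor(Date.now() / 1000)) {
  const claims = verifySignature(token, now);
  if (claims) revoked.set(claims.jti, claims.exp);
  return Boolean(claims);
}

// Decision for a protected route: 401 on a missing, invalid, expired or revoked token.
function authorize(authorizationHeader, now = Math.floor(Date.now() / 1000)) {
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti); // prune expired entries
  const m = /^Bearer (.+)$/.exec(authorizationHeader || "");
  const claims = m && verifySignature(m[1], now);
  if (!claims || revoked.has(claims.jti)) return { status: 401 };
  return { status: 200, sub: claims.sub };
}
```

In a multi-instance deployment the denylist has to live in a shared store with a TTL equal to the token's remaining lifetime; the in-memory map here only covers a single process.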