Token is still valid after the password is changed or the user is deleted #10095

Open
@lambdaxs

Is your feature request related to a problem? Please describe.
The token is still valid when I change my password or delete the user's sub-account.
I found a config item (nacos.core.auth.plugin.nacos.token.expire.seconds:18000) that controls the token's expiration time, but if I shorten it, the token will become invalid quickly. So I think we can introduce a new token check plan for when the user context changes.

Describe the solution you'd like
1. Add a password_change_time field to the user table
2. Add a timer to load the user list into a memory cache, and check the user info when checking the JWT token
3. Add a config item to control the duration of the timer

Describe alternatives you've considered
rt

Additional context
rt
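
The check proposed in this issue, as an added example that is not Nacos code and not from the issue author: a token is rejected when its subject is missing from a periodically reloaded user cache or when it was issued before that user's password_change_time. The names `UserCache`, `issue_token`, `check_token`, the `iat` claim and the signing key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value, not a real Nacos secret

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(username: str, now: int, ttl: int = 18000) -> str:
    """Issue an HS256 JWT carrying sub, iat (issue time) and exp."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{body}.{_b64(_sign(f'{header}.{body}'))}"

class UserCache:
    """In-memory snapshot of the user table, refreshed by a timer (step 2)."""
    def __init__(self):
        self._users = {}  # username -> password_change_time (epoch seconds)

    def reload(self, rows):
        # rows: (username, password_change_time) pairs read from the user table
        self._users = dict(rows)

    def password_change_time(self, username):
        return self._users.get(username)  # None: user deleted or unknown

def check_token(token: str, cache: UserCache, now: int) -> str:
    """Return 'ok' or the reason the token is rejected."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
            return "bad-signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return "malformed"
    if now >= claims["exp"]:
        return "expired"
    changed_at = cache.password_change_time(claims["sub"])
    if changed_at is None:
        return "user-deleted"
    if claims["iat"] < changed_at:  # issued before the last password change
        return "password-changed"
    return "ok"
```

With this design the timer interval from step 3 is the upper bound on how long a token keeps working after the password change or deletion, because `check_token` only sees the last snapshot passed to `reload`.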
