De-authentication between discord/frontend #100
Comments
walmat
added
type:bug
|
I believe at this point, we have no communication between the discord bot and the frontend of a users machine. The change will eventually propagate as the access jwt we store expires every 2 days IIRC. So the user would still be allowed to use the frontend until the jwt expires. Once the jwt expires, the frontend would then make an api request, find that the key was deactivated, then kick the user to the auth screen. |
|
We should look in-depth into some options for speeding this up. Here are a few off the top of my head. We should discuss them deeper to nail down the pros and cons:
|
|
Maybe do a combination of these? I like the first 3 options honestly. |
|
👍 We can do a combo! Will tackle this after we release the beta |
|
Maybe for the sake of open beta, we just try and tackle #4? |
pr1sm
added
the
priority:high
walmat
added
priority:urgent
|
punting this to a |
Describe the bug
Once a user has "deactivated" from the discord bot by sending
!deactivate <key>, they are still authenticated on a close -> relaunch of the application. Also, the user may notdeactivatefrom the frontend after they have sent the discord bot thedeactivatecommand. While this is the "expected" behavior, we may want to handle this case and just clear the session even if the key is not found or something.To Reproduce
Steps to reproduce the behavior:
!deactivate <key>3a. Attempt to deactivate from the frontend
3b. Attempt to close & reopen the frontend (should be deactivated)
Expected behavior
3a should allow you to deactivate still, and 3b should require reauthentication
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: