ЕСОЗ (eHealth) - public documentation

Version 1

Purpose

This web service (WS) terminates the user's authenticated session, based on a valid access token presented in the request.

Key points

  1. Only an authenticated user with a valid access token can perform the logout process.

  2. The logout process terminates the current access token for the user and client, as well as the refresh token paired with it.

Specification

Apiary

Validations

Authorization

  • Verify the validity of the access token

    • in case of error - return 401 (“Invalid access token”)

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

Service logic

  1. Expire the access token taken from the Authorization header, according to its type:

    1. if opaque - update the token's row in the mithril database, tokens table, setting:

      1. expired_at = now()

      2. updated_at = now()

    2. if JWT - create a key in the redis cache named blacklist_jti_<<token_id>>, where token_id is the jti claim of the token, with TTL = the time between now() and the token's exp claim (the TTL is always positive at this point, because an already expired token was rejected with 401 during authorization, and the blacklist entry only needs to outlive the token itself);

  2. Get the refresh_token value associated with the access token and expire it as well: update its row in the mithril database, tokens table, setting:

    1. expired_at = now()

    2. updated_at = now()
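A worked example of the whole logout flow (the Authorization checks plus service logic steps 1 and 2), added here as illustration; it is not mithril's own code. It assumes a tokens table with columns type, expires_at, expired_at, updated_at and refresh_token (only expired_at and updated_at are named on this page), a Redis stand-in exposing redis-py's set(name, value, ex=) and exists(name) calls, HS256-signed JWTs under a constructed secret that carry the paired refresh token value in a refresh_token claim, and that a token is treated as a JWT when it has three dot-separated segments. The is_active function is the per-request check that gives the blacklist its effect:

```python
# Added worked example of the logout logic described above; not mithril's own code.
# Assumptions: `tokens` rows are dicts with type, expires_at, expired_at, updated_at and
# refresh_token; Redis is a stand-in with redis-py's set(name, value, ex=) / exists(name);
# JWTs are HS256 under a constructed secret and carry the refresh token in a claim.
import base64
import hashlib
import hmac
import json

NOW = 1_700_000_000                      # fixed clock so the example is deterministic
SECRET = b"constructed-example-secret"   # assumption: HS256 key shared with the issuer

class InvalidAccessToken(Exception):
    pass                                 # every case the page maps to 401 ("Invalid access token")

class Clock:
    def __init__(self, now):
        self.now = now

class FakeRedis:
    """Stand-in for a redis client with the two calls the logout flow needs."""
    def __init__(self, clock):
        self.clock, self.store = clock, {}
    def set(self, name, value, ex=None):
        if ex is not None and ex <= 0:   # real redis rejects a non-positive EX as well
            raise ValueError("invalid expire time")
        self.store[name] = (value, None if ex is None else self.clock.now + ex)
        return True
    def exists(self, name):
        entry = self.store.get(name)
        return int(entry is not None and (entry[1] is None or entry[1] > self.clock.now))

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims, secret=SECRET):
    """Build a compact HS256 JWT; used here only to construct sample tokens."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def jwt_claims(token, secret=SECRET):
    """Verify the HS256 signature and return the claims, else raise the 401 case."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise InvalidAccessToken("bad signature")
        return json.loads(_b64url_decode(body))
    except ValueError as err:            # wrong segment count, bad base64 or bad JSON
        raise InvalidAccessToken(str(err))

def logout(authorization, db, cache, clock, secret=SECRET):
    """Service logic steps 1 and 2: returns the ids expired, raises for every 401 case."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        raise InvalidAccessToken("missing bearer token")
    now = clock.now
    if token.count(".") == 2:            # assumption: three dot-separated segments = JWT
        claims = jwt_claims(token, secret)
        jti, exp = claims.get("jti"), claims.get("exp")
        if jti is None or exp is None or exp <= now:
            raise InvalidAccessToken("expired or malformed JWT")
        cache.set(f"blacklist_jti_{jti}", "1", ex=exp - now)   # TTL = exp - now()
        access_id, refresh_id = jti, claims.get("refresh_token")
    else:
        row = db.get(token)
        if (row is None or row["type"] != "access_token"
                or row["expired_at"] is not None or row["expires_at"] <= now):
            raise InvalidAccessToken("unknown or expired opaque token")
        row["expired_at"] = row["updated_at"] = now
        access_id, refresh_id = token, row.get("refresh_token")
    refresh = db.get(refresh_id) if refresh_id else None    # step 2: the paired refresh token
    if refresh is not None and refresh["expired_at"] is None:
        refresh["expired_at"] = refresh["updated_at"] = now
    return {"access_token": access_id, "refresh_token": refresh_id if refresh else None}

def is_active(token, db, cache, clock, secret=SECRET):
    """Per-request check a resource server must run; without it a logged-out JWT stays valid until exp."""
    try:
        if token.count(".") == 2:
            claims = jwt_claims(token, secret)
            return claims["exp"] > clock.now and not cache.exists(f"blacklist_jti_{claims['jti']}")
        row = db.get(token)
        return (row is not None and row["type"] == "access_token"
                and row["expired_at"] is None and row["expires_at"] > clock.now)
    except (InvalidAccessToken, KeyError):
        return False

def sample_db():
    """Constructed rows standing in for mithril's `tokens` table."""
    def row(kind, ttl, **extra):
        return {"type": kind, "expires_at": NOW + ttl, "expired_at": None, "updated_at": NOW - 60, **extra}
    return {"opq-access-1": row("access_token", 3600, refresh_token="rt-1"),
            "rt-1": row("refresh_token", 86400), "rt-2": row("refresh_token", 86400)}

JWT_ACCESS = make_jwt({"jti": "jti-42", "exp": NOW + 900, "refresh_token": "rt-2"})
```

With the constructed fixtures, logout("Bearer " + JWT_ACCESS, db, cache, clock) blacklists jti-42 for exactly 900 seconds (until the token's own exp) and expires rt-2; a repeated logout with the same opaque token, an already expired JWT, a JWT signed under another key, or a header without the Bearer scheme all map to 401 instead of producing a zero-TTL blacklist entry. Note that the JWT branch only terminates the session if every service accepting these JWTs consults the blacklist_jti_<<token_id>> key on each request, as is_active does; a resource server that checks only the signature and exp will keep accepting the token until exp.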
