Skip to content

fix(securityController): token revocation#2663

Open
inkedsquid wants to merge 1 commit into
2-devfrom
fix/KZLPRD-1314-token-revocation
Open

fix(securityController): token revocation#2663
inkedsquid wants to merge 1 commit into
2-devfrom
fix/KZLPRD-1314-token-revocation

Conversation

@inkedsquid

Copy link
Copy Markdown
Contributor

What does this PR do ?

Fixes an issue where revokeTokens only deleted session tokens (JWTs) from the cache, leaving persistent API keys fully intact and visible when calling searchAPIKeys.

How should this be manually tested?

  • Step 1: Create a new user in Kuzzle.
  • Step 2: Create a new API key for this user.
  • Step 3: Run searchAPIKeys for the user and verify the key is present in the list.
  • Step 4: Revoke the user's tokens using revokeTokens.
  • Step 5: Run searchAPIKeys again and verify that the API key is no longer present in the list.

@inkedsquid inkedsquid self-assigned this Jun 25, 2026
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant