The jwt is invalidated once you logout.
Invalidated how?
You can also change/reset your password to invalidate all login tokens for your account.
OK. I was afraid this would not be the case. Thanks for confirming.
7heo
- 4 Posts
- 24 Comments
Joined 1 year ago
Cake day: May 31st, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
One thing to be aware of is that there is
currently, AFAIK, nonow (since 0.19.3) a way to “disable” a JWT.Before that, once you had created it, if you leaked it, your account was, as far as I can tell, definitely compromised.
Now, it is possible to logout, to mark the JWT as “invalid”.
I will add,
as a disclaimer, that I have not checked ifthat as Nutomic highlighted below, there are conditions (password change, etc) under whichany orall JWT (user,instance, etc) become invalid.So do audit the code if this is something that concerns you. As far as I am concerned, I treat the JWTs as extra-sensitive information, and store them only on machines I own.Edit: correct information in the light of Nutomic’s comments.
As people have answered, it already exists, but not every client has support.
Edit: how tf did you get downvoted in 8h on a dead post??? 😧
3·9 months agoHold on, is that a grant or a donation? (The difference is that a donation is definitive, while there are conditions, such as failing to fulfil an obligation, under which a grant has to be repaid)
2·11 months ago“Belgium nationality”. 💯👍
expired
expired
expired
I can’t wait for the first of April Lemmy RFC featuring actual lemmings… 😛
expired
expired
What’s the count now anyway?
OK there now is a
LoginTokenclass. This was not the case last time I checked. Good. Thanks for your answers.