Description
I observed that the Authorization Bearer token is not invalidated after a logout.
Steps to reproduce
Step 1: Log in to NiFi as usual.
Step 2: Copy the authorisation bearer token from the /nifi-api/access/token response after the login.
Step 3: Make a curl request as below and observe that an HTTP 200 response is received with status information.
curl -v -H "Authorization: Bearer <Token>" https://nifi-server/nifi-api/flow/status
Step 4: Log out from the NiFi console.
Step 5: Repeat Step 3 and observe that an HTTP 200 response is again received with status information even though the user has logged out.
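The following Python model is an added example, not part of the original report and not NiFi's code. It shows why a signed bearer token checked only for signature and expiry keeps returning 200 after logout, next to a verifier that records the token id at logout; the HS256 format, the `jti` claim, the key and all class and function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed signing key, not a NiFi value

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, jti, ttl=3600):
    """Issue an HS256 JWT carrying a unique token id (jti) and an expiry."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "jti": jti, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verified_claims(token):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, _unb64(sig))
        claims = json.loads(_unb64(body)) if ok else None
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    return claims if claims and claims.get("exp", 0) > time.time() else None

class StatelessVerifier:
    def logout(self, token):
        """Keeps no server-side token state; models the behaviour in the report."""
    def status_code(self, token):
        return 200 if verified_claims(token) else 401

class RevokingVerifier(StatelessVerifier):
    """Logout records the token id; later requests with that jti are refused."""
    def __init__(self):
        self.revoked = set()
    def logout(self, token):
        self.revoked.add((verified_claims(token) or {}).get("jti"))
    def status_code(self, token):
        claims = verified_claims(token)
        return 200 if claims and claims["jti"] not in self.revoked else 401

def replay_after_logout(verifier):
    """Steps 3 to 5 of the report: request, log out, repeat the request."""
    token = issue_token("alice", jti="constructed-id-1")
    before = verifier.status_code(token)
    verifier.logout(token)
    return before, verifier.status_code(token)
```

`replay_after_logout(StatelessVerifier())` gives the 200/200 pair described in Steps 3 and 5, while the revoking variant returns 401 on the repeated request.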
Issue Links
- relates to NIFI-6280 Re-evaluate handling of Authorization bearer token during JWT logout (Resolved)