jason810496 commented on PR #49531:
URL: https://github.com/apache/airflow/pull/49531#issuecomment-2821625108

   > I was looking to store this in DB.
   
   In that case, should we start a discussion on the dev mailing list or
   channel about whether we want to introduce storing `jti` in the DB for
   tracking and invalidating JWTs?
   
   > This is for invalidating the token when the user logs out.
   
   I also checked the current implementation: it seems logout is handled
   entirely on the frontend by clearing `localStorage`.
   
   ---
   
   I'm not sure if anyone has discussed adding the JWT in an HTTP-only cookie
   for authentication. This approach would allow us to control the
   authentication flow on the server side. For logout, we would simply need to
   clear the corresponding key in the HTTP-only cookie in a FastAPI route.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
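
The two ideas in the comment above (a `jti` stored in a DB, and an HTTP-only cookie cleared at logout), combined in an added example that is not code from the PR or from Airflow. The signing key, the `revoked_jti` table, the `session_jwt` cookie name and the in-memory SQLite database are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, sqlite3, time, uuid
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"   # constructed value, not a real key
db = sqlite3.connect(":memory:")   # hypothetical stand-in for the metadata DB
db.execute("CREATE TABLE revoked_jti (jti TEXT PRIMARY KEY, exp INTEGER)")

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user, ttl=3600):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "jti": uuid.uuid4().hex, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_token(token):
    """Return the claims, or None if the token is forged, expired or revoked."""
    try:
        header, body, sig = token.split(".")
        # HS256 is always used here; the header's "alg" is never trusted.
        if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{body}").encode()):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:
        return None
    if claims["exp"] <= time.time():
        return None
    row = db.execute("SELECT 1 FROM revoked_jti WHERE jti = ?", (claims["jti"],)).fetchone()
    return None if row else claims

def logout(token):
    """Revoke the token's jti; return a Set-Cookie value that clears the cookie."""
    claims = verify_token(token)
    if claims:  # keep exp so rows can be purged once the token would have expired
        db.execute("INSERT OR IGNORE INTO revoked_jti VALUES (?, ?)", (claims["jti"], claims["exp"]))
    cookie = SimpleCookie()
    cookie["session_jwt"] = ""
    cookie["session_jwt"].update({"httponly": True, "secure": True, "samesite": "Strict", "max-age": 0, "path": "/"})
    return cookie["session_jwt"].OutputString()
```

Clearing the cookie only removes the browser's copy; a token copied before logout is rejected only because its `jti` is in the revocation table.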