mirror of
https://github.com/valitydev/token-keeper.git
synced 2024-11-06 02:15:21 +00:00
23 lines
735 B
YAML
23 lines
735 B
YAML
title: Auth Token Blacklist
|
|
description: >
|
|
Used for banning clients carrying specific auth tokens from using any of our
|
|
public APIs. Entries are separated by their respective authorities. Then, each
|
|
entry in a list is an _identifier_ of some auth token. Example:
|
|
|
|
entries:
|
|
test.rkbmoney.keycloak:
|
|
- "token_a"
|
|
- "token_b"
|
|
test.rkbmoney.apikeymgmt:
|
|
- "token_c"
|
|
|
|
Broadly speaking, what constitutes an _identifier_ depends on which _tokens_
|
|
are we talking about. Though for the foreseeable future, we consider only
|
|
JWTs where JWT's identifier is the value of the 'jti' claim.
|
|
entries:
|
|
test.rkbmoney.keycloak:
|
|
- "token_a"
|
|
- "token_b"
|
|
test.rkbmoney.apikeymgmt:
|
|
- "token_c"
|