[BUG] JWT logout has no matching route #1710
Comments
3 tasks
|
[Triage] Hi @jochen-kressin, thank you for filing this issue. This seems like a good change that would improve the state of things. We can mark this as triaged. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the bug?
When you login with a JWT using a request header or a query parameter, the token is stored in the authentication cookie.
Hence, there is a logout mechanism for JWT as sell. However, when you click the logout button, the resulting AJAX request returns a 404 because the logout route does not exist.
How can one reproduce the bug?
Steps to reproduce the behavior:
What is the expected behavior?
The user should be logged out and depending on JWT config settings see a non authenticated state.
What is your host/environment?
Do you have any additional context?
I believe this is just a faulty route path definition in JWT's routes: https://github.com/opensearch-project/security-dashboards-plugin/blob/main/server/auth/types/jwt/routes.ts#L29
That path does not correspond to the url used by the logout component.
The text was updated successfully, but these errors were encountered: