Password grant type: access token for blocked account

Created on 13 January 2022, almost 3 years ago

Updated 22 May 2023, over 1 year ago

Firstly, tahks for your job!!!

It was the great idea in #2841236: Password grant endpoint: do not allow authentication, when user is blocked → but it is still allowed to get access token for blocked user in v5.2.
#2976463: Blocked user Bearer token regeneration issue → works as expected, but why the module allows to obtain an access token when account is already blocked?

I propose use the proposed method from #2841236: Password grant endpoint: do not allow authentication, when user is blocked → if it's possible. Otherwise no way to recognize the user status before tne next request with obtained access token.

🐛 Bug report

Status

RTBC

Version

5.2

Component

Code

Created by

🇷🇺Russia validoll Ekaterinburg

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇨🇿Czech Republic marysmech
I have tested latest patch and it works perfectly.
Comment over 1 year ago →
🇧🇪Belgium dieterholvoet Brussels

Production build 0.71.5 2024