> Sending the user to reauthorize again and again when they've already seen a
> block is not going to help with anything.

Perhaps I'm misunderstanding, but why would that _"again and again"_
reauthorisation need to happen?

My suggestion was _not_ about invalidating tokens every time a user logs in and
sees a block; instead it was about invalidating tokens exactly once (i.e. at
the moment when DWG or whoever creates the actual block in their backend admin
interface).

If that suggestion is technically viable, invalidating all sessions at block
time would force the user to re-login, and if the login form is also modified
to display the blocking message, it should make sure that the user will see a
block message no matter what app they use (as they need to log in again, and
that would show the message).

As a main advantage of such a flow, only the admin blocking backend and the
login form need to change, and no app needs to change its code (other proposed
solutions I've seen so far seem to require that each and every app be updated,
and until all have done so, there always remains a chance the user will never
see the block).
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2585751117
_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev
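
The flow proposed in the message above, as an added example that is not part of the original email and is not openstreetmap-website code: a toy in-memory model in which tokens are revoked once, when the block is created, and the login form carries the block message. The class and method names are hypothetical, and it assumes a blocked user can still log in and receive a new token after being shown the message.

```ruby
require "securerandom"

# Toy in-memory model (constructed for illustration; all names are
# hypothetical, this is not openstreetmap-website code).
class AuthServer
  def initialize
    @tokens = {} # token string => user name
    @blocks = {} # user name => block reason
  end

  # Login form: the only place a token can be obtained. An active block is
  # returned with the new token, so the user sees it whichever app sent them.
  # Assumption: login still succeeds for a blocked user.
  def login(user)
    reason = @blocks[user]
    token = SecureRandom.hex(16)
    @tokens[token] = user
    { token: token, block_message: reason && "You have been blocked: #{reason}" }
  end

  # Admin backend: creating the block revokes every token the user holds.
  # This is the single point of invalidation; login never revokes anything.
  def create_block(user, reason)
    @blocks[user] = reason
    revoked = @tokens.select { |_, u| u == user }.keys
    revoked.each { |t| @tokens.delete(t) }
    revoked.size
  end

  # What an unmodified app experiences: a valid token or a 401.
  def api_status(token)
    @tokens.key?(token) ? 200 : 401
  end
end

def demo
  server = AuthServer.new
  app_a = server.login("mapper")[:token] # same user, two apps
  app_b = server.login("mapper")[:token]
  other = server.login("bystander")[:token]
  revoked = server.create_block("mapper", "constructed sample reason")
  relogin = server.login("mapper") # forced by the 401s below
  { revoked: revoked, old: [server.api_status(app_a), server.api_status(app_b)],
    other: server.api_status(other), first_msg: relogin[:block_message],
    new: server.api_status(relogin[:token]) }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The token issued at the forced re-login stays valid because revocation is tied to block creation rather than to login, so no repeated reauthorisation loop arises in this model.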