Update README with /auth/revoke-user documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
gilesb
2026-01-09 22:23:05 +00:00
parent e485384d2f
commit 2cfe0f2bd2


@@ -37,7 +37,8 @@ The server provides a web interface at the root URL:
| `/recipe/{id}` | Recipe detail page |
| `/media` | Browse cached media files |
| `/auth` | Receive auth token from L2 |
| `/auth/revoke` | Revoke a token (called by L2 on logout) |
| `/auth/revoke` | Revoke a specific token |
| `/auth/revoke-user` | Revoke all tokens for a user (called by L2 on logout) |
| `/logout` | Log out |
| `/download/client` | Download CLI client |
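Review bot: the new `/auth/revoke-user` row (and the reworded `/auth/revoke` row) should state how the caller is authenticated, since the table now documents an endpoint that invalidates every token a user holds; as written, a reader cannot tell whether only L2 may call it or whether any client can, and an unauthenticated revoke-all endpoint is a denial-of-service path against any username. Suggest extending the row to something like `| /auth/revoke-user | Revoke all tokens for a user (called by L2 on logout; requires L2 authentication) |`, and likewise saying for `/auth/revoke` what identifies the "specific token" (the token value or its hash) and who is permitted to call it.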
@@ -62,9 +63,11 @@ export L1_PUBLIC_URL=https://celery-artdag.rose-ash.com
### Token revocation
When a user logs out of L2, L2 calls `/auth/revoke` on all attached L1s. L1 maintains a Redis-based revocation list:
When a user logs out of L2, L2 calls `/auth/revoke-user` on all attached L1s. L1 maintains a Redis-based token tracking and revocation system:
- Revoked tokens stored in Redis with 30-day expiry
- Tokens registered per-user when authenticating (`artdag:user_tokens:{username}`)
- `/auth/revoke-user` revokes all tokens for a username
- Revoked token hashes stored in Redis with 30-day expiry
- Every authenticated request checks the revocation list
- Revoked tokens are immediately rejected
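Review bot: the per-user registry bullet (`artdag:user_tokens:{username}`) does not say what is stored or for how long, while the next bullet says revocation entries hold token hashes with a 30-day expiry; the doc should state whether the per-user set holds raw tokens or hashes (storing raw bearer tokens in Redis is a larger exposure than storing hashes) and what TTL, if any, keeps that set from growing without bound. It should also say that the 30-day revocation expiry is at least as long as the token lifetime, otherwise a revoked token whose lifetime exceeds 30 days would be accepted again once its revocation entry expires. Suggest a sentence such as "Per-user sets hold token hashes with the same expiry as the tokens; revocation entries outlive the longest token lifetime."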