New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Since #806 blacklisting fails if USER_ID_CLAIM is something other than user_id #868

Closed

vainu-arto opened this issue Feb 24, 2025 · 1 comment

Contributor

vainu-arto commented Feb 24, 2025

https://github.com/JaeHyuckSa/djangorestframework-simplejwt/blob/048bfaa4fa9208c92703b796cda96b062e7344ba/rest_framework_simplejwt/tokens.py#L268 contains the same old attempt at optimizing away a database query. This works fine as long as USER_ID_CLAIM is configured to be user_id, but if it's something else this fails. The obvious fix is to use USER_ID_CLAIM to retrieve a User object and feed that into OutstandingToken.objects.get_or_create instead of the thing which we hope to be a raw user_id.

Contributor

vgrozdanic commented Feb 26, 2025

This should be fixed in #851, @Andrew-Chen-Wang is preparing a new release and in v5.5.0 this should be fixed.

I will mark it as closed, please feel free to reopen if i missed something

vgrozdanic closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment