add stories
This commit is contained in:
@@ -0,0 +1,28 @@
|
||||
# Manage JWT Blocklist
|
||||
|
||||
**ID:** ADM-007
|
||||
**Priority:** Medium
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As a platform administrator, I want to view and manage the JWT blocklist so that I can revoke tokens during security incidents and verify that revocations are working.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] View all blocked JWT IDs with metadata
|
||||
- [ ] Search blocklist by JWT ID or user
|
||||
- [ ] Manually add JWTs to blocklist
|
||||
- [ ] View reason for each blocklist entry
|
||||
- [ ] Blocklist entries show expiration (when they can be removed)
|
||||
- [ ] Bulk revoke all tokens for a user
|
||||
- [ ] Bulk revoke all tokens for an organization
|
||||
- [ ] Automatic cleanup of expired blocklist entries
|
||||
|
||||
## Technical Notes
|
||||
- JwtManager has `blockedJwtIdList` infrastructure
|
||||
- `pushOrGetJwtIdBlocklist` endpoint exists
|
||||
- Need admin UI for blocklist management
|
||||
- ReceptionHousekeeping could handle cleanup
|
||||
- Consider Redis for high-performance blocklist checks
|
||||
|
||||
## Related TODOs
|
||||
- Enhancement to existing blocklist infrastructure
|
||||
Reference in New Issue
Block a user