[GeoNode-users] Geonode Logout and OAuth Access Tokens

John, Steffen s.john at atenekom.eu
Tue Jun 26 04:36:46 PDT 2018


Hi,

I'm having GeoNode 2.6 which uses the oAuth Toolkit to authorize the user against Geoserver.
When a user logs in into GeoNode a new Access Token is created and the user is also allowed to request Geoserver-Resources.

After logging out the user, I would expect that the access token is revoked automatically, but this seems not to be the case.

After logging out the user, I'm still able request the WMS using the old (but still valid) access key. This seems not really safe.

Is it possible to configure GeoNode/Geoserver, that the access token is revoked on logout?

Thanks!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20180626/835c6dba/attachment.html>


More information about the geonode-users mailing list