fix: add revoked user check to VerifyEmail and VerifyOTP by lakhansamani · Pull Request #491 · authorizerdev/authorizer
Merged
lakhansamani merged 3 commits into main
lakhansamani (Contributor) commented Mar 1, 2026
Summary
- Added RevokedTimestamp check in VerifyEmail and VerifyOTP after fetching user
- Prevents revoked users from obtaining valid tokens through email/OTP verification
Test plan
- Verify revoked users cannot verify email or OTP
- Verify non-revoked users can still verify normally
Fixes #480
lakhansamani added 3 commits March 1, 2026 11:47
Both VerifyEmail and VerifyOTP were missing the RevokedTimestamp check that Login correctly implements. A revoked user could verify email/OTP and obtain valid tokens.
Fixes #480
lakhansamani merged commit 085a391 into main
lakhansamani deleted the fix/verify-email-otp-revoked-check branch
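The regression check the test plan describes, as an added Go example that is not the project's code: every token-issuing flow is run against a revoked user, and any flow that still returns a token is reported. `User`, `Flow`, `guarded`, `Flows` and `UnguardedFlows` are hypothetical names; only `RevokedTimestamp`, `Login`, `VerifyEmail` and `VerifyOTP` come from the pull request.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a hypothetical model; only the RevokedTimestamp name is from the PR.
type User struct {
	Email            string
	RevokedTimestamp *int64 // nil means access has not been revoked
}

// Flow is one token-issuing entry point, run after its own proof was accepted.
type Flow func(*User) (string, error)

var ErrRevoked = errors.New("user access has been revoked")

// guarded checks revocation after the user is fetched, before minting a token.
func guarded(name string) Flow {
	return func(u *User) (string, error) {
		if u == nil {
			return "", errors.New(name + ": user not found")
		}
		if u.RevokedTimestamp != nil {
			return "", fmt.Errorf("%s: %w", name, ErrRevoked)
		}
		return name + "-token-for-" + u.Email, nil // placeholder, not a real token
	}
}

// Flows lists every entry point that can issue tokens (names from the PR).
var Flows = map[string]Flow{
	"Login": guarded("Login"), "VerifyEmail": guarded("VerifyEmail"), "VerifyOTP": guarded("VerifyOTP"),
}

// UnguardedFlows returns the flows that still issue a token to a revoked user.
func UnguardedFlows(flows map[string]Flow) []string {
	ts := int64(1772365620) // constructed revocation time
	revoked := &User{Email: "revoked@example.com", RevokedTimestamp: &ts}
	var bad []string
	for name, f := range flows {
		if _, err := f(revoked); !errors.Is(err, ErrRevoked) {
			bad = append(bad, name)
		}
	}
	return bad
}

func main() { fmt.Println("unguarded flows:", UnguardedFlows(Flows)) }
```

Keeping the flow table next to the handlers means a newly added verification path that skips the check fails this test instead of shipping.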