I’m writing an application that uses Kong to help with user authentication. I have an API that has a sign up route that will create a new Kong Consumer for the user and there is also a log in route that will check a username/password in my database. If the password and username match, then my API will create a Kong JWT credential on the Kong Consumer object, use those values to issue a JWT token, and finally return it to the client.
My use case is that when a user clicks the forgot password button and updates their password, I want to delete all the existing JWT credentials as a way to log them out of all their current sessions. Currently, I don’t see a way to delete all the existing credentials in one call, so I’m just paginating through the list credentials route and calling delete on each one. Over time, as a user logs into different computers or mobile devices, they could end up having a lot of credentials, which just adds a lot of extra network traffic.
I would love a route like DELETE /consumers/:consumerId/jwt or something along those lines where I could delete all the credentials with one network call, and I’m happy to write the code for it given we can agree on what the route should look like.
Any thoughts on this? Does this use case make sense? Or am I completely missing an easy way to do this?
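The paginate-and-delete workaround described in the post, written out as an added example (not the poster's code and not part of Kong). It assumes the Admin API at `http://localhost:8001` and the JWT plugin's `/consumers/{consumer}/jwt` list and delete routes with `data`/`next` paging; the function names are hypothetical, and it fails closed if any credential may have survived the password reset.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import quote

ADMIN_URL = "http://localhost:8001"  # assumption: Kong Admin API address


def http_request(method, url):
    """Minimal Admin API transport: returns (status, parsed JSON body or None)."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
            return resp.status, json.loads(body) if body else None
    except urllib.error.HTTPError as err:
        return err.code, None


def revoke_all_jwt_credentials(consumer, request=http_request, admin_url=ADMIN_URL):
    """Delete every JWT credential of a consumer; return the number deleted.

    Raises RuntimeError if any credential may have survived, so the caller
    (the password-reset handler) never reports success with live sessions.
    """
    base = f"{admin_url}/consumers/{quote(consumer, safe='')}/jwt"
    ids, url = [], base
    # List first, then delete, so the listing is not modified while it is paged.
    while url:
        status, page = request("GET", url)
        if status != 200:
            raise RuntimeError(f"listing credentials failed: HTTP {status}")
        ids += [cred["id"] for cred in page["data"]]
        nxt = page.get("next")  # path of the next page, null on the last one
        url = admin_url + nxt if nxt else None
    for cred_id in ids:
        status, _ = request("DELETE", f"{base}/{cred_id}")
        if status not in (204, 404):  # 404: already removed by a concurrent call
            raise RuntimeError(f"deleting {cred_id} failed: HTTP {status}")
    # A login racing with the reset may have added a credential: check again.
    status, page = request("GET", base)
    if status != 200 or page["data"]:
        raise RuntimeError("credentials still present after revocation")
    return len(ids)
```

Call `revoke_all_jwt_credentials(consumer)` from the password-reset handler before confirming the reset to the user, and treat a `RuntimeError` as "sessions not yet revoked".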