The TokenService attempts to inform the caller whether a token invalidation was "created". "created":true is intended to imply that the token was previously valid but is now invalid. false indicates that token was already invalid.
However, this doesn't work, and the API already returns true.
https://github.com/elastic/elasticsearch/blob/v6.4.2/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java#L589-L600
There's 2 issues:
- The UpdateRequest never requests the source, so
updateResponse.getGetResult() is always null.
- Even if we did, the
GetResult is the updated source, not the original source, so invalidated will always be true (because we just set it).
The TokenService attempts to inform the caller whether a token invalidation was "created".
"created":trueis intended to imply that the token was previously valid but is now invalid.falseindicates that token was already invalid.However, this doesn't work, and the API already returns
true.https://github.com/elastic/elasticsearch/blob/v6.4.2/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java#L589-L600
There's 2 issues:
updateResponse.getGetResult()is alwaysnull.GetResultis the updated source, not the original source, soinvalidatedwill always betrue(because we just set it).