Why store temporary sign in tokens and how to prune them?
Hey. ash_authentication with
First of all, I'm not sure if it's intended behavior. Why do we need to store a tmp token for sign in?
Secondly, I can't find a way to prune it from my DB. I delete the actual token on user sign out, same way as ash_hq does, but I don't have access to that temporary token to delete it -> this leads to handing outdated records in tokens table.
Deleting all the tokens for a user is not an option afaiu - because user might have multiple sessions.
Can I somehow prevent ash from storing these temporary tokens in DB, while keeping real auth tokens?
Maybe there's a way to prune those tmp tokens properly? (e.g. ask ash to mark them somehow and create an Oban job
sounds dirty tbh)
@Zach Daniel don't you have DB in ash_hq polluted with these temporary tokens after enabling
store_all_tokens?sign_in_tokens_enabledFirst of all, I'm not sure if it's intended behavior. Why do we need to store a tmp token for sign in?
Secondly, I can't find a way to prune it from my DB. I delete the actual token on user sign out, same way as ash_hq does, but I don't have access to that temporary token to delete it -> this leads to handing outdated records in tokens table.
Deleting all the tokens for a user is not an option afaiu - because user might have multiple sessions.
Can I somehow prevent ash from storing these temporary tokens in DB, while keeping real auth tokens?
Maybe there's a way to prune those tmp tokens properly? (e.g. ask ash to mark them somehow and create an Oban job
sounds dirty tbh)@Zach Daniel don't you have DB in ash_hq polluted with these temporary tokens after enabling
sign_in_tokens
The Elixir backend framework for unparalleled productivity. Declarative tools that let you stop wasting time. Use with Phoenix LiveView or build APIs in minutes for your front-end of choice.
2,193Members
Resources
Similar Threads
Was this page helpful?
