Passive Pruning of OutstandingTokens #432

Open
Andrew-Chen-Wang opened this issue Jul 9, 2021 · 0 comments
Andrew-Chen-Wang commented Jul 9, 2021

Currently, the only way to prune the database of old tokens in the blacklist app is to run a `manage.py` command. It's simple if you have a cron job or Celery to run Django's `call_command`.

However, if you take into consideration most users will be following a practice of

  1. obtaining both tokens
  2. refreshing the access token
  3. refresh token eventually expires, the frontend is told that it has expired, and, if user credentials are saved, repeat from step 1.

During step 3, if the refresh token is valid / is just simply expired, then we can send a delete op to the db to prune it. This doesn't resolve the problem of the frontend itself deleting its tokens saved on its keychains/cookies or clients who delete the app and thus a refresh token is never sent. Ofc, the workaround is to always prune on every new expiration (don't think it'd be a good idea for the obtain view). Thoughts?

@Andrew-Chen-Wang Andrew-Chen-Wang added this to the 5.0.0 milestone Jul 9, 2021
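
A stand-alone sketch of the flow proposed in the issue above, added here as an example and not taken from the project's code. It assumes an HMAC-signed stand-in token and an SQLite table in place of the blacklist app's outstanding-token table; every name in it is hypothetical. The row is deleted only after the signature verifies, and a periodic sweep is still needed for tokens that are never presented again.

```python
import base64, hashlib, hmac, json, sqlite3

KEY = b"constructed-demo-key"  # assumption: stand-in for the server's signing key

def sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body + b"." + hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()

def verify(token):
    """Return the claims if the MAC is valid, else None. Expiry is not checked here."""
    body, _, mac = token.rpartition(b".")
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, good):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE outstanding (jti TEXT PRIMARY KEY, expires_at INTEGER)")
    return db

def issue(db, jti, exp):
    db.execute("INSERT INTO outstanding VALUES (?, ?)", (jti, exp))
    return sign({"jti": jti, "exp": exp})

def refresh(db, token, now):
    claims = verify(token)
    if claims is None:
        return "invalid"  # forged or corrupted input never touches the table
    if claims["exp"] <= now:
        # Passive prune: authentic but expired. The WHERE clause also checks the
        # stored expiry, so a live row is never removed by this path.
        db.execute("DELETE FROM outstanding WHERE jti = ? AND expires_at <= ?",
                   (claims["jti"], now))
        return "expired"
    return "ok"

def flush_expired(db, now):
    """Periodic sweep for rows whose token is never sent back (app deleted, cookie cleared)."""
    return db.execute("DELETE FROM outstanding WHERE expires_at <= ?", (now,)).rowcount

def count(db):
    return db.execute("SELECT COUNT(*) FROM outstanding").fetchone()[0]
```
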