DonKoko
commented
1 week ago hey @rphlmr . Can you tell me what you think of this approach?
Closed rajeshj11 closed 1 week ago
DonKoko
commented
1 week ago hey @rphlmr . Can you tell me what you think of this approach?
rphlmr
commented
1 week ago I think we can do that in a simpler way (without updating the user schema).
1. Revoke tokens
On password updates, we could call supabase.auth.admin.signOut() with the scope others
Note: the admin version requires a jwt. I think it is the user's access_token.
Then, 2 options.
isExpiringSoon (middleware that trigger a refresh xx min before expiration).or
refreshToken is revoked with a DB select on the auth.refresh_tokens table (Supabase reserved table in the auth schema) revoked column.
Ex: select revoked from auth.refresh_tokens where auth.refresh_tokens.token = 'fEZ1ECs1jy7a7TvSTM5uUg' and auth.refresh_tokens.user_id = 'ab14586f-6ef1-4e85-8bda-9a003424775c'DonKoko
commented
1 week ago Thanks Rapha and Rajesh for the PR and comments. I am not convinced with this approach, and I think the other one we had was still a bit better. Going to close this PR for now and revive it in the future if needed.
rajeshj11
commented
1 week ago @DonKoko Hey, could you please check this PR? I've addressed the feedback.
logout all sessions on password reset
changes:
-> if we want to reduce the load on PSQL. we can go with Redis. it is open source but it is an independent service that we need to configure in the docker file. (we need to do setup and maintenance regularly) -> Another one we can use is Cloud Redis. supabase has below third-party redis(this needs an account which adds cost to the project. But we don't need to do any maintenance) https://supabase.com/docs/guides/functions/examples/upstash-redis
If we want to go with Redis. I recommend normal Redis as it is open source and it does not add cost to the project.
why redis?