Make it possible for a user to be prevented from logging in again. The use case is an administrator revoking access for someone who has left the organisation.
Delete the user's password.
Delete the user's TOTP if any.
Delete the user's recovery codes if any.
Delete the user's sessions if any.
Keep the user's logs.
airblade
commented
3 years ago
Make it possible for a user to be prevented from logging in again. The use case is an administrator revoking access for someone who has left the organisation.
Delete the user's password. Delete the user's TOTP if any. Delete the user's recovery codes if any. Delete the user's sessions if any. Keep the user's logs.