User tokens are not invalidated when their account is deleted

ben-ryder / localful

Build single-user local-first web apps with a focus on simplicity, interoperability and longevity.

GNU Affero General Public License v3.0

1 stars 0 forks source link

User tokens are not invalidated when their account is deleted #9

Closed ben-ryder closed 1 year ago

ben-ryder commented 1 year ago

When a users account is deleted via /users/:id [POST] their access & refresh tokens are still valid. Right now this should cause a 404 or 500 error on future request but I need to test this and decide if the current functionality is correct or not. At minimum I should write some tests to specifically cover this scenario.

ben-ryder commented 1 year ago

no longer an issue since the server no longer manages token since #2 was implemented