dachcom-digital / pimcore-members

Pimcore Object, Asset and Document Restriction & Frontend Authentication

[SSO] Clean-Up expired Identities #122

Closed solverat closed 4 years ago

solverat commented 4 years ago
| Q | A |
| --- | --- |
| Bug report? | no |
| Feature request? | yes |
| BC Break report? | no |
| RFC? | yes |

Some ideas for clean-up of sso-identities

Idea I

Implement a maintenance task which removes all SsoIdentities with :expiresAt < :now and user:password IS NULL.

Idea II

Implement a maintenance task which removes all SsoIdentities with :expiresAt < (:now + :custom_ttl) and user:password IS NULL.

custom_ttl: Can be configured in settings (members.oauth.expired_ttl) with a default value of 0.

Idea III

Make task optional and disabled/enabled by default? (enable/disable it within configuration members.oauth.clean_up_expired: false/true).

@aarongerig: WDYT?

aarongerig commented 4 years ago

A combination of ideas 2 and 3 would be awesome. IMO, having the possibility to enable/disable and set a TTL for cleaning up the identities would make it most flexible.

EDIT: If disabled, nothing happens. If enabled and TTL = 0, then expiresAt will be taken into account.
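
The selection rule discussed in this thread, modelled as an added example (not code from the Members bundle): the task is gated by `members.oauth.clean_up_expired`, the cutoff is `now + members.oauth.expired_ttl`, and only identities whose user has no password are picked. The `Identity` and `CleanupConfig` types, the TTL unit (seconds), the disabled default and the sample rows are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Identity:
    """Hypothetical stand-in for one SSO identity joined with its user."""
    identifier: str
    expires_at: Optional[datetime]  # None: no expiry stored
    user_password: Optional[str]    # None: user has no local password


@dataclass(frozen=True)
class CleanupConfig:
    clean_up_expired: bool = False  # members.oauth.clean_up_expired (default assumed)
    expired_ttl: int = 0            # members.oauth.expired_ttl (seconds assumed)


def select_for_cleanup(identities: List[Identity], config: CleanupConfig,
                       now: datetime) -> List[Identity]:
    """Return the identities the maintenance task would remove."""
    if not config.clean_up_expired:
        return []  # disabled: nothing happens
    # Idea II: expiresAt < (now + custom_ttl); with TTL = 0 this is Idea I.
    cutoff = now + timedelta(seconds=config.expired_ttl)
    return [
        i for i in identities
        if i.expires_at is not None   # like SQL, a NULL expiry never matches "<"
        and i.expires_at < cutoff     # strict comparison, as written in the ideas
        and i.user_password is None   # user:password IS NULL
    ]


# Constructed sample data, not taken from a real installation.
NOW = datetime(2021, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    Identity("expired-sso-only", NOW - timedelta(hours=1), None),
    Identity("expired-with-password", NOW - timedelta(hours=1), "constructed-hash"),
    Identity("expires-in-30-min", NOW + timedelta(minutes=30), None),
    Identity("no-expiry", None, None),
    Identity("expires-exactly-now", NOW, None),
]

if __name__ == "__main__":
    for ttl in (0, 3600):
        cfg = CleanupConfig(clean_up_expired=True, expired_ttl=ttl)
        print(ttl, [i.identifier for i in select_for_cleanup(SAMPLE, cfg, NOW)])
```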