Closed solverat closed 4 years ago
A combination of ideas 2 and 3 would be awesome. IMO, having the possibility to enable/disable and set a TTL for cleaning up the identities would make it most flexible.
EDIT: If disabled, nothing happens. If enabled and TTL = 0, then expiresAt
will be taken into account.
Some ideas for clean-up sso-identites
Idea I
Implement maintenance tasks, which removes all SsoIdentites with
:expiresAt < :now'
anduser:password IS NULL
.Idea II
Implement maintenance tasks, which removes all SsoIdentites with
:expiresAt < (:now + :custom_ttl)
anduser:password IS NULL
.custom_ttl
: Can be configured in settings (members.oauth.expired_ttl
) with a default value of0
.Idea III
Make task optional and disabled/enabled by default? (enable/disable it within configuration
members.oauth.clean_up_expired: false/true
.@aarongerig: WDYT?