The ApiGrant needs to be unusable as soon as it is exchanged for a token. We can soft delete these, but I'd like to merge this as it resolves an immediate security bug. I can issue new PRs for the necessary model changes to support soft deletions.
I'll take a look at the cleanup script. It should be removing these that are expired regardless of how old they actually are. Ironically, the cleanup script purging these might have been created to deal with the fallout of this bug. 🤔
_Originally posted by @mdtro in https://github.com/getsentry/sentry/pull/68910#discussion_r1571438578_
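An added sketch of the two properties the comment asks for, single-use exchange and expiry-based cleanup; it is not Sentry's code and not part of the quoted comment. The `grants` table and the functions `make_store`, `issue_grant`, `redeem_grant` and `purge_expired` are hypothetical, and SQLite stands in for the real database.

```python
import secrets
import sqlite3

# Hypothetical schema standing in for an authorization-grant table;
# it is not Sentry's ApiGrant model.
def make_store():
    db = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
    db.execute(
        "CREATE TABLE grants ("
        "code TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at REAL NOT NULL)"
    )
    return db

def issue_grant(db, user_id, now, ttl=600.0):
    """Create a grant that expires ttl seconds after `now`."""
    code = secrets.token_urlsafe(32)
    db.execute("INSERT INTO grants VALUES (?, ?, ?)", (code, user_id, now + ttl))
    return code

def redeem_grant(db, code, now):
    """Exchange a grant for a token at most once; return None otherwise."""
    # BEGIN IMMEDIATE takes the write lock before the read, so two
    # concurrent redemptions of the same code cannot both see the row.
    db.execute("BEGIN IMMEDIATE")
    try:
        row = db.execute(
            "SELECT user_id, expires_at FROM grants WHERE code = ?", (code,)
        ).fetchone()
        # The grant is removed on any presentation, valid or expired,
        # in the same transaction that read it.
        deleted = db.execute("DELETE FROM grants WHERE code = ?", (code,)).rowcount
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    if row is None or deleted != 1 or row[1] <= now:
        return None
    # Token issuance is a placeholder; only the single-use logic matters here.
    return {"user_id": row[0], "access_token": secrets.token_urlsafe(32)}

def purge_expired(db, now):
    """Remove every expired grant, however recently it expired."""
    return db.execute("DELETE FROM grants WHERE expires_at <= ?", (now,)).rowcount
```

A soft-delete variant would replace the `DELETE` in `redeem_grant` with an update of a redeemed-at column guarded by the same transaction.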