interledger / rafiki

An open-source, comprehensive Interledger service for wallet providers, enabling them to provide Interledger functionality to their users.
https://rafiki.dev/
Apache License 2.0

Do not hard delete access and access tokens in auth service #2819

Closed mkurapov closed 4 weeks ago

mkurapov commented 1 month ago

Context

Original Slack thread

Currently in testnet, there is a grants page that shows all of the grants for the user. However, once a user revokes a particular grant (outgoing payment grant), because the grant access is hard deleted from the DB, there is no way to get the grant to match the user's wallet addresses anymore. This means that in rafiki.money/testnet this grant is no longer visible.

We should not hard delete access when a grant is revoked. We also hard delete access tokens when a grant is revoked, but for an audit trail, we should soft delete those instead.

Todo

mkurapov commented 1 month ago

@njlie

Based on the Slack message, we wanted to soft delete access. Since it doesn't have any status information/expiry or anything on the access model, I think we just don't do anything to it other than removing the delete call when a grant is revoked.
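
The behaviour discussed in this issue, as an added TypeScript example that is not Rafiki's code: revoking with a hard delete removes the access rows that tie a grant to a wallet address, while leaving access untouched and soft deleting tokens keeps the grant listable and the tokens auditable. The in-memory `AuthStore`, its field names (`revoked`, `revokedAt`, `identifier`) and the sample data are assumptions made for illustration.

```typescript
// Hypothetical in-memory model of the auth service tables; names are assumptions.
interface Grant { id: string; revoked: boolean }
interface Access { grantId: string; type: string; identifier: string } // identifier: wallet address
interface AccessToken { grantId: string; value: string; revokedAt?: Date }

class AuthStore {
  grants: Grant[] = []
  accesses: Access[] = []
  tokens: AccessToken[] = []

  // "Before": revoking hard deletes access and tokens, losing the wallet address link.
  revokeHard(grantId: string): void {
    this.markRevoked(grantId)
    this.accesses = this.accesses.filter((a) => a.grantId !== grantId)
    this.tokens = this.tokens.filter((t) => t.grantId !== grantId)
  }

  // "After": access rows are left untouched; tokens get a revocation timestamp.
  revokeSoft(grantId: string, now: Date): void {
    this.markRevoked(grantId)
    for (const t of this.tokens) {
      if (t.grantId === grantId && t.revokedAt === undefined) t.revokedAt = now
    }
  }

  private markRevoked(grantId: string): void {
    for (const g of this.grants) if (g.id === grantId) g.revoked = true
  }

  // Grants page query: grants are matched to a wallet address through access rows.
  grantsForWallet(walletAddress: string): Grant[] {
    return this.grants.filter((g) =>
      this.accesses.some((a) => a.grantId === g.id && a.identifier === walletAddress))
  }

  // Token checks must reject soft-deleted tokens, or revocation has no effect.
  isTokenActive(value: string): boolean {
    return this.tokens.some((t) => t.value === value && t.revokedAt === undefined)
  }
}

// Constructed sample data: one outgoing payment grant for one wallet address.
function seed(): AuthStore {
  const s = new AuthStore()
  s.grants.push({ id: 'g1', revoked: false })
  s.accesses.push({ grantId: 'g1', type: 'outgoing-payment', identifier: 'https://wallet.example/alice' })
  s.tokens.push({ grantId: 'g1', value: 'tok-1' })
  return s
}
```

With soft deletion, every query that authorizes a request has to filter on the revocation marker, as `isTokenActive` does here.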