leepeuker
commented
6 months ago I have removed the IsAuthenticated middleware check from the new endpoint, I think we should not tell a user if a auth token really existed, only if the deletion process run without an error. Additionally, the IsAuthenticated middleware should in theory fail if the token is expired, which means you could not delete an expired token which seems not really practical.
Instead we will no return a 400 error if the Auth token header is missing.
This PR adds an API endpoint that can destroy API tokens (manually generated by the user in the settings) and authentication tokens (generated upon login of the user).
Also important to mention that this PR is based on #575 , so that PR has to be merged before this one.
Part of #572