search

ueberauth / guardian_db

Guardian DB integration for tracking tokens and ensuring logout cannot be replayed.
MIT License
368 stars 87 forks source link

Revoking Token thats already been removed throws error rather than returning error #102

Closed rraub closed 5 years ago

rraub commented 5 years ago

We've run into a condition where a request to refresh a token was replayed which resulted in duplicate requests processed at the same time. The first one succeeded and the second one failed with an Ecto.StaleEntryError when trying to revoke and delete the token. Instead of doing a delete on the Model could we just do a delete by the value of the primary key so we can return an {:error} instead of throwing an error?
Similar to: https://github.com/ueberauth/guardian_db/blob/82fb31f84da639d5a43cf698224458bc14289232/lib/guardian/db/token.ex#L66

yordis commented 5 years ago

@rraub would you mind to open a PR with the desired behavior?