ueberauth / guardian_db

Guardian DB integration for tracking tokens and ensuring logout cannot be replayed.
MIT License

Add a column to optionally store the jti of the refresh token used to generate an access token. #136

Open idyll opened 1 year ago

idyll commented 1 year ago

Problem Statement

We're seeing a couple of use cases where we want to revoke a refresh token and any access tokens connected to that refresh token.

We need a way to connect the tokens and then revoke any access tokens that were generated from the refresh token.

Solution Brainstorm

To support this I imagine adding a column to the table that optionally tracks the refresh token. The refresh token could then just cascade delete its dependent tokens.

Thoughts?

It seems like a pretty clean way to revoke a refresh and any access tokens that were made from it...

yordis commented 1 year ago

PR welcome! 🙏🏻

idyll commented 1 year ago

We're just getting back around to this now. Someone will open a PR with this change once we've finished it.
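
The proposal from the opening post, sketched as an added example that is not code from this thread or from guardian_db: a nullable `refresh_jti` column that references the parent refresh token, with `ON DELETE CASCADE` removing the access tokens derived from it. The table layout, column name and helper functions are assumptions (a simplified stand-in in Python with SQLite), and a token is treated as valid only while its row exists.

```python
import sqlite3

# Simplified stand-in for a token-tracking table (assumed schema, not guardian_db's).
# refresh_jti is the hypothetical optional column: NULL for refresh tokens and
# for access tokens that were not minted from a tracked refresh token.
SCHEMA = """
CREATE TABLE tokens (
    jti         TEXT PRIMARY KEY,
    typ         TEXT NOT NULL,
    sub         TEXT NOT NULL,
    refresh_jti TEXT REFERENCES tokens(jti) ON DELETE CASCADE
);
CREATE INDEX tokens_refresh_jti_idx ON tokens(refresh_jti);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite ignores foreign keys (and so the cascade) unless enabled per connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

def track(conn, jti, typ, sub, refresh_jti=None):
    """Record an issued token; a non-existent refresh_jti raises IntegrityError."""
    conn.execute("INSERT INTO tokens VALUES (?, ?, ?, ?)", (jti, typ, sub, refresh_jti))

def revoke(conn, jti):
    """Delete one token row; the cascade removes access tokens derived from it."""
    conn.execute("DELETE FROM tokens WHERE jti = ?", (jti,))

def is_tracked(conn, jti):
    """In this model a token is accepted only while its row still exists."""
    return conn.execute("SELECT 1 FROM tokens WHERE jti = ?", (jti,)).fetchone() is not None

def demo():
    conn = open_db()
    # Constructed sample data: two refresh tokens and their access tokens.
    track(conn, "r1", "refresh", "user:1")
    track(conn, "a1", "access", "user:1", refresh_jti="r1")
    track(conn, "a2", "access", "user:1", refresh_jti="r1")
    track(conn, "r2", "refresh", "user:1")
    track(conn, "a3", "access", "user:1", refresh_jti="r2")
    track(conn, "a4", "access", "user:1")  # no parent recorded, unaffected
    revoke(conn, "r1")
    return {j: is_tracked(conn, j) for j in ("r1", "a1", "a2", "r2", "a3", "a4")}

if __name__ == "__main__":
    print(demo())
```

Revoking an access token leaves its refresh token in place, since the cascade only runs from parent to child.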