yagamiapp / yagami

An auto-ref and tournament manager for osu!
https://yagami.clxxiii.dev
MIT License

User data never refreshes after oauth access is revoked once. #104

Closed clxxiii closed 1 year ago

clxxiii commented 1 year ago

In the current system, user data refreshing completely breaks if users use the "revoke access" button. Ideally, the revoke access button should just temporarily remove that user's sign-in sessions. User objects & data, as is, cannot be removed due to foreign key constraints (if that's a major problem, it's something I can look into).

But yeah, I just need to fix the current problem, which is actually refreshing data if the user revokes and signs back in.

clxxiii commented 1 year ago

I've thought a lot about this, and here's the idea I think would be best moving forward: Move refresh_token, access_token, expires_at, and token_type from DiscordAccount and User into their own tables, DiscordOauth and OsuOauth respectively (I am aware that this is how it used to be; after working with tokens more, it is much better to keep it separate). This way, when a user removes access on the osu! dashboard, they are signed out from the website whenever their token was going to expire (or whenever we can't use the access token anymore), and we just remove the oauth object from the table. Currently, a refresh/access token can't be blank, so when a token is invalid, we have to keep storing it, which leads to confusion.
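
The token split proposed in the comment above, sketched as an added example (not part of the issue thread and not yagami's code): the token fields live in their own OsuOauth store, and a rejected refresh deletes that row and the sessions while the user row stays. The in-memory Maps, all function names, and the fake provider are assumptions.

```javascript
// Added illustration; every name except OsuOauth and the token fields is hypothetical.
const users = new Map();    // id -> { id, username }; other rows reference it
const osuOauth = new Map(); // userId -> { access_token, refresh_token, expires_at, token_type }
const sessions = new Map(); // sessionId -> userId
class RevokedError extends Error {}

// Sign-in or sign-back-in: the user row is reused, the token row is replaced.
function signIn(userId, username, tokens, sessionId) {
  if (!users.has(userId)) users.set(userId, { id: userId, username });
  osuOauth.set(userId, { ...tokens });
  sessions.set(sessionId, userId);
}

// exchange(refresh_token) and fetchProfile(access_token) throw RevokedError when
// the grant is gone; both are injected and synchronous so this runs offline.
function refreshUser(userId, now, exchange, fetchProfile) {
  let tok = osuOauth.get(userId);
  if (!tok) return "signed-out"; // no token row, so nothing stale to retry
  try {
    if (tok.expires_at <= now) {
      tok = exchange(tok.refresh_token);
      osuOauth.set(userId, tok);
    }
    users.get(userId).username = fetchProfile(tok.access_token).username;
    return "refreshed";
  } catch (err) {
    if (!(err instanceof RevokedError)) throw err; // transient failure: keep the row
    osuOauth.delete(userId); // user row stays, so foreign keys still hold
    for (const [sid, uid] of sessions) if (uid === userId) sessions.delete(sid);
    return "revoked";
  }
}

// Constructed scenario: expiry, revocation, then signing back in.
function demo() {
  const live = new Set(["r1"]); // refresh tokens the fake provider accepts
  const mk = (n, exp) => ({ access_token: "a" + n, refresh_token: "r" + n, expires_at: exp, token_type: "Bearer" });
  const exchange = (rt) => {
    if (!live.has(rt)) throw new RevokedError("invalid_grant");
    return mk(rt.slice(1), 2000);
  };
  const fetchProfile = (at) => ({ username: "name-via-" + at });
  signIn(1, "old", mk(1, 100), "s1");
  const out = [refreshUser(1, 500, exchange, fetchProfile)]; // expired, exchanged
  live.clear(); // "revoke access" on the osu! dashboard
  out.push(refreshUser(1, 3000, exchange, fetchProfile), refreshUser(1, 3001, exchange, fetchProfile));
  signIn(1, "old", mk(2, 5000), "s2");
  out.push(refreshUser(1, 4000, exchange, fetchProfile));
  return out;
}
```

In this sketch only a definite rejection of the grant removes the token row; any other error is rethrown so a temporary outage does not sign users out.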