Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not hard delete access and access tokens in auth service #2819

Closed
2 tasks
mkurapov opened this issue Jul 23, 2024 · 1 comment · Fixed by #2837
Closed
2 tasks

Do not hard delete access and access tokens in auth service #2819

mkurapov opened this issue Jul 23, 2024 · 1 comment · Fixed by #2837
Assignees
@njlie

Comments

@mkurapov
Copy link
Contributor

mkurapov commented Jul 23, 2024
edited
Loading

Context

Original slack thread

Currently in testnet, there is a grants page that shows all of the grants for the user. However, once a user revokes a particular grant (outgoing payment grant), because the grant access is hard deleted from the DB, there is no way to get the grant to match user's wallet addresses anymore. This means in rafiki.money/testnet this grant becomes not visible.

We should not hard delete access when a grant is revoked.
We also hard delete access tokens when a grant is revoked, but for an audit trail, we should soft delete those instead.

Todo

  • Do not hard delete access when a grant is revoked
  • Soft delete accessTokens when a grant is revoked
@mkurapov mkurapov added this to Rafiki Jul 23, 2024
@mkurapov mkurapov converted this from a draft issue Jul 23, 2024
@mkurapov mkurapov changed the title Soft delete access and access tokens in grant service Soft delete access and access tokens in auth service Jul 23, 2024
@mkurapov mkurapov moved this from Backlog to Todo in Rafiki Jul 23, 2024
@mkurapov mkurapov changed the title Soft delete access and access tokens in auth service Do not hard delete access and access tokens in auth service Jul 23, 2024
@mkurapov
Copy link
Contributor Author

@njlie

Based on the Slack message, we wanted to soft delete access. Since it doesn't have any status information/expiry or anything on the access model, I think we just don't do anything to it other than removing the delete call when a grant is revoked.

@njlie njlie moved this from Todo to In Progress in Rafiki Aug 2, 2024
@njlie njlie mentioned this issue Aug 2, 2024
Merged
5 tasks
@github-project-automation github-project-automation bot moved this from Ready for Review to Done in Rafiki Aug 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@njlie njlie

Labels
None yet
Projects
Rafiki
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(auth): soft delete access tokens and grant accesses interledger/rafiki
2 participants
@mkurapov @njlie