Soft purge setting `revoked_at` instead of destroying auth tokens?

Question

Soft purge setting `revoked_at` instead of destroying auth tokens?

Closed this issue 6 years ago · 2 comments

I noticed that in the purge_old_tokens method that a destroy_all operation is used. My use case requires that I keep all my authorization tokens granted.

What do you think about setting a revoked_at timestamp instead of deleting the records?

Answer 1 · 2019-01-12T22:00:14.000Z

@edwinthinks This is essentially what paranoia does. You could add paranoia to your authentication token model to prevent them from being lost.

Answer 2 · 2019-01-14T03:59:44.000Z

@djkotowski good point! I didn't think to utilize paranoia in conjunction with this gem. That works, I'll close this ticket unless it makes sense to add the option soft delete without paranoia or some form of documentation :).