How to manually revoke a Doorkeeper token?

Say I have a user which I have soft-deleted from my system. I want to revoke their tokens as well. What's the best way of accomplishing this? Is it as simple as doing something like

Doorkeeper::AccessToken.where(resource_owner_id: deleted_user.id).each(&:revoke)

or is there a better approach?

You can do this, where application_id is a Doorkeeper application ID and resource_owner is the deleted user:

Doorkeeper::AccessToken.revoke_all_for(application_id, resource_owner)

Since you specifically asked about revoking all tokens for a user (without mentioning applications), your options are:

  1. Call it once per application ID you want to revoke (should be fine if you have very few application IDs), or
  2. Call it once, but pass an array of multiple application IDs instead of one (this method worked for me), or
  3. Modify the method to remove the scoping on application ID

Example of Method 2 that worked for me:

class User
  def revoke_all_access_tokens!
    application_ids = Doorkeeper::Application.pluck(:id) + [nil]
    Doorkeeper::AccessToken.revoke_all_for(application_ids, self)
  end
end

Note that + [nil] is necessary if you want to also delete tokens that don't have an application ID (depending on how you're using Doorkeeper).

The code for this method is small and easy to understand, if you need to customize it.

The answer of @Justin Workman is great.

After I checked the implementation of the revoke_all_for method:

      def revoke_all_for(application_id, resource_owner, clock = Time)
        by_resource_owner(resource_owner)
          .where(
            application_id: application_id,
            revoked_at: nil,
          )
          .update_all(revoked_at: clock.now.utc)
      end

I found that if you want to revoke all tokens of a resource owner regardless of the application, you can just call:

Doorkeeper::AccessToken.by_resource_owner(resource_owner).where(revoked_at: nil).update_all(revoked_at: Time.now.utc)

We can save a DB call that figures out all the application_ids.
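A plain-Ruby model of the two queries discussed in the answers above, added here as an example (it is not code from the answers or from Doorkeeper). It shows which rows each approach touches: a token with no application ID survives unless nil is in the list, and rows that are already revoked keep their original timestamp. The Token struct, the sample rows and the helper names are constructed for illustration.

```ruby
# In-memory stand-in for the access token table (constructed sample rows).
# application_id nil models a token issued without an application.
Token = Struct.new(:id, :resource_owner_id, :application_id, :revoked_at)

def sample_tokens
  earlier = Time.utc(2024, 1, 1)
  [
    Token.new(1, 42, 1,   nil),      # live, application 1
    Token.new(2, 42, 2,   nil),      # live, application 2
    Token.new(3, 42, nil, nil),      # live, no application
    Token.new(4, 42, 1,   earlier),  # already revoked earlier
    Token.new(5, 7,  1,   nil)       # belongs to a different user
  ]
end

# Models the WHERE clause of revoke_all_for quoted above: owner matches,
# application_id is in the given list, revoked_at is NULL.
def revoke_scoped(tokens, application_ids, owner_id, now)
  ids = application_ids.is_a?(Array) ? application_ids : [application_ids]
  tokens.select { |t| t.resource_owner_id == owner_id &&
                      ids.include?(t.application_id) &&
                      t.revoked_at.nil? }
        .each { |t| t.revoked_at = now }
        .map(&:id)
end

# Models by_resource_owner(...).where(revoked_at: nil).update_all(...):
# no application scoping at all.
def revoke_unscoped(tokens, owner_id, now)
  tokens.select { |t| t.resource_owner_id == owner_id && t.revoked_at.nil? }
        .each { |t| t.revoked_at = now }
        .map(&:id)
end

# Tokens that would still be accepted for this user.
def live_ids(tokens, owner_id)
  tokens.select { |t| t.resource_owner_id == owner_id && t.revoked_at.nil? }
        .map(&:id)
end
```

After a bulk revocation for a deleted user, the check worth running against the real table is the equivalent of live_ids returning an empty list for that user.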
