Remove refresh token

  • johannschnagl

    (@johannschnagl)


    9 months ago

    I just tried and deleted a test user from my wordpress site. The user was logged in and continued to use his refresh token to get new access tokens.
    What is the best way to handle this?

    • I expected you code to check if the user exists on a token refresh
    • I assume I could use the wo_before_token_method hook and just die if the user doesn’t exist any more
    • I assume I could just delete the user’s refresh tokens from the database when the user is deleted.

  • The topic ‘Remove refresh token’ is closed to new replies.