-
Notifications
You must be signed in to change notification settings - Fork 5
Revoke all tokens
Martijn van der Ven edited this page May 6, 2018
·
1 revision
Do you fear your tokens have been compromised? Has someone possibly gained access to your database file?
The solution is not to empty the tokens table. Theoretically, because all tokens are random, you could end up recreating one of your compromised tokens. What you want to do is revoke the compromised tokens so they can no longer be used.
Mintoken implements IndieAuth’s revoke action, but that can only revoke one token at a time. If you really want to revoke all valid tokens at once, use the following SQL:
UPDATE tokens SET revoked = CURRENT_TIMESTAMP WHERE revoked IS NULL;