Hi 👋,
Wondering if there is a way to effectively "deactivate" a user on the Supabase auth system; we want to keep the user intact but just stop login.
chipilov
02/22/2022, 3:41 PM
You can't really do anything until their JWT expires (by default it's 1 hour)
chipilov
02/22/2022, 3:42 PM
After that you can:
chipilov
02/22/2022, 3:43 PM
1) Revoke their refresh token from the auth.refresh_tokens table so they will be forced to log in again
2) Change their password in auth.users (i.e. change the encrypted_password field)
chipilov
02/22/2022, 3:44 PM
I think this is the easiest way to NOT allow them to even log in. Another option is to allow them to log in but to forbid access to any resources - this means that you need to architect your permissions to always check if the user has NOT been suspended
thewebbeckons
02/22/2022, 6:42 PM
Thanks; I think for now we might end up just deleting the user and re-adding them when we need them back (since their profile data is saved elsewhere). But we do want this type of deactivation ultimately.