https://supabase.com/ logo
#help
Title
# help
t

thewebbeckons

02/22/2022, 3:32 PM
Hi, 👋 , Wondering if there is a way to effectively "deactivate" a user on the supabase auth system; we want to keep the user intact but just stop login.
c

chipilov

02/22/2022, 3:41 PM
You can't really do anything until their JWT expires (by default it's 1 hour)
After that you can:
1) Revoke their refresh token from auth.refresh_tokens table so they will be forced to login again 2) Change their password in the auth.users (i.e. change the encrypted_password field)
I think this is the easiest way to NOT allow them to even login. Another option is to allow them to login but to forbid access to any resources - this means that you need to architecture your permissions to always check if the user has NOT been suspended
t

thewebbeckons

02/22/2022, 6:42 PM
thanks; I think for now we might end up just deleting the user and readding them when we need them back (since their profile data is saved elsewhere). But we do want this type of deactivation ultimately.