OAuth tokens aren't removed on account deletion

Status: This content is read-only, or is not open for further replies.

stromb0li

Guest

offline

OP
Apr 4, 2026
0
47

It looks like oauth tokens aren't cleaned up during account deletion.

The User entity's _postDelete() doesn't seem to invoke cleanup on these tables, nor do I see anything in DeleteCleanUpService.php

Tables in question:

xf_api_login_token
xf_oauth_token
xf_oauth_request
xf_oauth_refresh_token

Show hidden low quality content

Status: This content is read-only, or is not open for further replies.

Facebook Reddit Pinterest WhatsApp Email Link

Home
Community
Rss Feed
Xenforo RSS

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top Bottom