it be nice an option to like select all and mass Delete all the login tokens i have roughly 1000 tokens
and id like to mass delete them in 1 click the pain of clicking each one and manual delete is a pain in the butt
but a 1 click or a click delete the Open Token Database be a great feature
i guessing on the 1000 but its alot
I’d chime in.
Maybe it’d be even better to have a per user setting after how many days tokens get auto deleted?
Or a “delete all tokens older than xx days” button in the profile page?
Tried with this script(s) but to no avail.
Just here to bump this.
Literally no reason to ever save tokens longer than a day. They should auto expire and delete unless you manually make a long term one. Logouts should always be automated after time; not just from a button press.
Manual removal en-mass is acceptable as a temporary workaround.
Tokens are also needed for mobile app otherwise the apps will randomly stop updating sensors and stuff. So there is a good reason to save them.
for me i dont use mobile app just desktop pc… and sometimes it looses the remember password… if i clear or what not… but i constantly have login tokens more then 2 yrs its just a pain to click each one and hit enter… to delete the 1000s of tokens for just maybe 2 or 3 pcs
and with HA filling up diskspace now and using the purge isnt really helping as i not adding etc… i also figured maybe tokens taking up diskspace and be nice to purge all the tokens in 1 button click or something or even an auto renew… like DHCP if your not connected the lease is gone to be renewed
as like i mentioned i haven tokens from 2 yrs ago… for the same computer or computers that i dont have anymore that should get auto erased
Chiming in on this as well. It seems like every time I close the browser and then reopen it and reconnect to HA I get a new token, so these stale tokens fill up quickly without manual management.
If there’s a concern about mobile devices, I could see this as having one of three options that could alleviate it:
Mobile Devices switch over to using a long term access token (highest risk, because if a device is compromised then that device still has access until that one token is manually revoked).
Deletion of tokens should be not on age, but last access. This could be user definable or (not preferred) a hard coded age, say 30 days.
White list specific devices and not delete their tokens. Don’t know if this one is possible since it looks like HA tracks tokens by the requesting IP address, which can change depending one where the device is connecting from.
In all, I believe option 2 would be the easiest to implement (don’t ask me to do it, I’m not a Python dev), and would serve a majority of the concerns. This would also move HA to be more along the lines of most other web-based apps that I see that may show “signed in sessions” (which an admin can force sign out) but once the token expires it is purged automatically.
edited
I rescind my comment. My request is exactly what was implemented. A delete all tokens button is available at the bottom of the list, followed by a long-lived token list.
Still be nice if they simply disappeared after 3 months or something…but workable.
The delete all button exists and refresh tokens are now deleted when not used for three months.
Closing this as implemented.