Service Account tokens will be invalid after restarting Auth service

In auth service, since InMemoryTokenStore is used as TokenStore by default, so the client tokens in Service Account will be invalid after Auth service be restarted. And the tokens also cannot be able be deleted by admin after Auth service be restarted. Shall we keep the Service Account tokens in database rather than in memory, and make sure these tokens are still valid after restarting Auth service?

Hi @yinshangwei,

It seems reasonable, though I’m trying to remember - isn’t the authoritative source of these in the Consul KV? I thought on an Auth service restart it’d go back to that. It’s been a few years though so I could be mistaken.


Hi @joshzamor,

Is there any way we can keep these tokens still valid even after restarting Auth service or rebuild the OpenLMIS(if we keep the database preserved). Because these tokens still existed in auth.api_keys and auth.oauth_client_details table.