Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not possible to delete the data of JWT users #4347

Open
rthouvenin opened this issue Jul 30, 2024 · 1 comment
Open

Not possible to delete the data of JWT users #4347

rthouvenin opened this issue Jul 30, 2024 · 1 comment

Comments

@rthouvenin
Copy link

MongooseIM version: 6.2.1
Installed from: docker

I have configured a MongooseIM instance with JWT authentication and RDBMS (postgresql) storage for mam and inbox, and for GDPR compliancy I would like to be able to delete all the personal data of a user from the Admin HTTP API.

I am able to connect to the API and request the list of users, but the returned list is empty and requesting the delete of a user yields the reply "User does not exist or you are not authorized properly".
The users table is indeed empty, but all the users that connected to the server and exchanged messages have records in the table mam_server_user and data in mam_message or inbox tables.

How can I delete the data of a user when I am using JWT authentication? Is there another API endpoint that behaves differently? Do I need to register users, even though it is not needed for them to connect and use the server ?

@JanuszJakubiec
Copy link
Contributor

Currently, MongooseIM does not support a built-in feature to delete all personal data of unregistered users when using JWT authentication.
We have added this feature to our backlog.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants