User-Generated Tokens Causing Project Config Changes

[cakleimeier]

I have a site running Craft CMS 3.5.19.1 and Patron 2.4.0. I've noticed something occurring that could cause problems, if I'm understanding the process correctly. As far as I'm able to tell, each time a user authorizes my site with an OAuth login, a Token is generated. That action also creates a new a Project Config YAML file for that new Token in the config/project/plugins/patron/tokens directory.

This would cause un-version-able Project Config changes to occur on the live environment, which I anticipate being difficult to work with. Every time a user authorizes the app on the live site, a new Token file will appear in the Project Config folder, which I will have no way of tracking and which may cause Project Config conflicts.

Is there some way to work around that issue or to disable a new file from being created for each token? Or I am missing something? Should I just gitignore that directory?

Thanks for your help and your time!

[nateiler]

Hello,

I actually haven't used this in a manner where there are a lot of integration logins; primarily I use a single integration user which results in a token or two. Not to say your use case is incorrect, I just haven't considered it before.

I suppose the best long term approach would be to set a flag to disable the tokens from being managed under project config. I'll need to do some testing around this to make sure they use case works well, but I think that's the best direction.