> I know, that is why I specifically put "reasonable" filter word. I know about
> workarounds like showing 403 response message and about
> [streetcomplete/StreetComplete#6062
> (comment)](https://github.com/streetcomplete/StreetComplete/issues/6062#issuecomment-2565450817)

Deleting the token is a workaround. This workaround is not going to work for
non-needs_view blocks. You're not even asking to make it work for
non-needs_view blocks.

Sending the user to `/login?referer=%2Fuser%2Fusername%2Fblocks` is a
workaround that somewhat works for non-needs_view blocks too and is not
affected by GDPR. (*)

Don't care about non-needs_view blocks and want a simpler workaround? Send
users to `/login`. (**)

But what if the token is actually invalid? Isn't it useless to do (*) or (**)
in this case? You can check the token at `/oauth2/introspect`, hopefully a
*reasonable* endpoint to check tokens that works even for blocked users. Again,
deleting a valid token and sending the user to get a new one because you want
the side-effect of them also seeing the block message is a workaround.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2587074465
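The flow described in the message above, sketched as client-side logic. This is an added example, not code from openstreetmap-website or StreetComplete. The function names, the action labels and the base URL are assumptions, and so is the client already holding the response body from `/oauth2/introspect`; the `active` field is the one defined by RFC 7662.

```python
import json
from urllib.parse import quote, urlencode

BASE = "https://www.openstreetmap.org"  # assumption: the production site


def login_url(username=None):
    """Build the /login link to open in the user's browser.

    With a username this is variant (*): the referer points at the
    user's blocks page. Without one it is the simpler variant (**).
    """
    if username is None:
        return f"{BASE}/login"
    # The referer is itself a URL path, so encode the name as a path
    # segment first, then encode the whole path as a query value.
    referer = f"/user/{quote(username, safe='')}/blocks"
    return f"{BASE}/login?" + urlencode({"referer": referer})


def next_step(api_status, introspection_body, username=None):
    """Choose an action after an API call returned api_status.

    introspection_body is the raw JSON text from /oauth2/introspect,
    or None when that request could not be completed.
    Returns (action, url); the action labels are hypothetical.
    """
    if api_status != 403:
        return ("ok", None)
    try:
        active = json.loads(introspection_body).get("active") is True
    except (TypeError, ValueError, AttributeError):
        # No usable answer: do not throw away a token that may be valid.
        return ("keep_token", None)
    if not active:
        # Only a token reported as inactive justifies a new authorization.
        return ("reauthorize", None)
    # Valid token and still 403: let the user see the block in the browser.
    return ("open_login_page", login_url(username))


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    print(next_step(403, '{"active": true}', "username"))
    print(next_step(403, '{"active": false}'))
    print(next_step(403, None))
```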