Index for refresh_tokens on deletion by user_id not used properly #1449
Labels
bug
Something isn't working
Comments
|
Looks similar to this issue I found with recovery_token index #1398 |
J0
added a commit
that referenced
this issue
Mar 4, 2024
…ueries (#1454) ## What kind of change does this PR introduce? Use the nil instance ID so that we can leverage the compound index on instance_id and user_id when performing search and deletion Aims to address #1449 and #1398. We note that `LogoutAllRefreshTokens` was marked as deprecated and may be possible to remove if all access tokens now have a `sessionId`. Additionally, `FindTokenBySessionID` can likely be replaced by using `FindCurrentlyActiveRefreshToken`. We will revisit these in a week or two but they are out of scope for this PR. Co-authored-by: joel <joel@joels-MacBook-Pro.local>
|
closing as this has been deployed - let us know if there are still issues though |
uxodb
pushed a commit
to uxodb/auth
that referenced
this issue
Nov 13, 2024
…ueries (supabase#1454) ## What kind of change does this PR introduce? Use the nil instance ID so that we can leverage the compound index on instance_id and user_id when performing search and deletion Aims to address supabase#1449 and supabase#1398. We note that `LogoutAllRefreshTokens` was marked as deprecated and may be possible to remove if all access tokens now have a `sessionId`. Additionally, `FindTokenBySessionID` can likely be replaced by using `FindCurrentlyActiveRefreshToken`. We will revisit these in a week or two but they are out of scope for this PR. Co-authored-by: joel <joel@joels-MacBook-Pro.local>
LashaJini
pushed a commit
to LashaJini/auth
that referenced
this issue
Nov 13, 2024
…ueries (supabase#1454) ## What kind of change does this PR introduce? Use the nil instance ID so that we can leverage the compound index on instance_id and user_id when performing search and deletion Aims to address supabase#1449 and supabase#1398. We note that `LogoutAllRefreshTokens` was marked as deprecated and may be possible to remove if all access tokens now have a `sessionId`. Additionally, `FindTokenBySessionID` can likely be replaced by using `FindCurrentlyActiveRefreshToken`. We will revisit these in a week or two but they are out of scope for this PR. Co-authored-by: joel <joel@joels-MacBook-Pro.local>
LashaJini
pushed a commit
to LashaJini/auth
that referenced
this issue
Nov 15, 2024
…ueries (supabase#1454) ## What kind of change does this PR introduce? Use the nil instance ID so that we can leverage the compound index on instance_id and user_id when performing search and deletion Aims to address supabase#1449 and supabase#1398. We note that `LogoutAllRefreshTokens` was marked as deprecated and may be possible to remove if all access tokens now have a `sessionId`. Additionally, `FindTokenBySessionID` can likely be replaced by using `FindCurrentlyActiveRefreshToken`. We will revisit these in a week or two but they are out of scope for this PR. Co-authored-by: joel <joel@joels-MacBook-Pro.local>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Describe the bug
When investigating slow query logs in our database, we found that supabase_auth_admin accounts for the absolute majority of slow queries. One of the slow queries was the deletion of refresh_tokens by user_id.
Looking at the table definition, there is an index on
instance_id+user_id. As theinstance_idfield is not part of the query, it seems to significantly slow down the queries.Without instance id (35ms)
With instance id (0.271ms)
Screenshots
The text was updated successfully, but these errors were encountered: