purge_user's revoke used `decrypt(refresh) or tok.access_token`, but access_token is stored ENCRYPTED — so a token row without a refresh token would send ciphertext to Google's revoke endpoint and silently fail. Decrypt it. (Pre-existing; surfaced by the review of the OAuth-scope fix.) |
||
|---|---|---|
| .. | ||
| alembic | ||
| app | ||
| alembic.ini | ||
| Dockerfile | ||
| entrypoint.sh | ||
| log_config.json | ||
| requirements.txt | ||
| ruff.toml | ||