Hendrawan Kuncoro

my suggestion will be probably hated by everyone But how about we use central git repo as site-network actions, and another git-repos for each subsite but embedded as submodule or...

yep i think that is the most appropriate solution, giving specific exception like \DeviceNotRegistered or something else

+1

@huhuang03 i didn't, you might wanna try https://frida.re/ though

+1 for this, its useful for me personally - optional - configurable

i would vote for "grace" period + expired time. Hitting expired token is minimal, but it could happen more than rarely, especially on multiple client apps setup. And give "expired"...

yes, i stand corrected. i dont think we need "expired" tokens at all to be stored. These are thrown by `JWT::decode` anyway. So i think we can safe-ly process remove...

although if main concern is "size" of user meta, generate_token might be the place, since its the method that technically "add" size to that user meta.

As far as i understand `validate_callback` is for REST arguments/params. for the endpoint it self, i think `permission_callback` is the one that supposed to do that

> So, the solution was actually quite simple: I modified the existing Registration template in FusionAuth's UI settings to always render both email and username input boxes and set the...