codeigniter4 / shield

Authentication and Authorization for CodeIgniter 4

Home Page: https://shield.codeigniter.com

Bug: `AccessTokens` authenticator records all accesses to "Auth Token Login Attempts" table

kenjis opened this issue

Now that I'm thinking through this more, I don't know that access tokens or JWT really need to be tracked every page view anyway. Tracking login attempts is more for catching bad actors attempting to break into accounts. With PAT and JWT, I don't believe you typically see these same types of attacks, so rapidly expanding a database to very large sizes doesn't seem beneficial.
#195 (comment)

```php
if (! $result->isOK()) {
    // Always record a login attempt, whether success or not.
    $this->loginModel->recordLoginAttempt(
        self::ID_TYPE_ACCESS_TOKEN,
        $credentials['token'] ?? '',
        false,
        $ipAddress,
        $userAgent
    );

    return $result;
}
```