-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[API] Cannot revoke an authorized application #6857
Comments
ok after I removed the entry from I created a lot of clients without finishing the handshake. Maybe it is my dev-setup. I will test it tomorrow with a clean environment. Please let me know if someone can or cannot reproduce it. |
It works in my setup, but I guess we should try to reproduce this by abusing it. If we can break diaspora* by aborting the handshake, this would be a rather nasty bug. |
Ok, here is what happens. By default, Here is a log excerpt that shows the issue:
You may see INSERT INTO `id_tokens` VALUES (5,5,'2016-06-17 11:10:59','hi','2016-06-17 10:40:59','2016-06-17 10:40:59'); Commenting out the |
Yes, and about the handshake abortion, I have a feeling that it can't break anything itself. |
Thanks for analyzing it. We should put the deletion in an |
If I hit "Revoke" in /api/openid_connect/user_applications:
The text was updated successfully, but these errors were encountered: