Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IBX-5915: Added way to revoke existing token #240

Merged
merged 4 commits into from
Jul 3, 2023
Merged

IBX-5915: Added way to revoke existing token #240

merged 4 commits into from
Jul 3, 2023

Conversation

Nattfarinn
Copy link
Contributor

@Nattfarinn Nattfarinn commented Jun 6, 2023
edited
Loading

Question Answer
JIRA issue IBX-5915
Type improvement
Target Ibexa version v4.6
BC breaks no

This will allow OAuth2 server implementation (but not only) to handle token revocation. Revoked token may be handled in a different way (yet behaves similar as deleted) by internal and 3rd party implementations.

Checklist:

  • Provided PR description.
  • Tested the solution manually.
  • Provided automated test coverage.
  • Checked that target branch is set correctly (main for features, the oldest supported for bugs).
  • Ran PHP CS Fixer for new PHP code (use $ composer fix-cs).
  • Asked for a review (ping @ibexa/engineering).
  • Installer upgrade scripts. (ref: https://github.com/ibexa/installer/pull/109)

@Nattfarinn Nattfarinn requested review from alongosz, ciastektk and a team June 6, 2023 06:47
@konradoboza konradoboza requested a review from a team June 6, 2023 07:37
alongosz
alongosz approved these changes Jun 6, 2023
View reviewed changes
Copy link
Member

@alongosz alongosz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't it be simpler to delete revoked token instead?

@Nattfarinn
Copy link
Contributor Author

@alongosz It would, but it is hard to predict if it will have consequences. Keep in mind we're using 3rd party Bundle and just adapting our storage. We may need, because of external code, to distinguish non-existent token from revoked access grant at some point.

@sonarcloud
Copy link

sonarcloud bot commented Jun 29, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@alongosz alongosz merged commit b2d3e0b into main Jul 3, 2023
25 checks passed
@alongosz alongosz deleted the ibx-5915-revoke-token branch July 3, 2023 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glye glye glye approved these changes

@kisztof kisztof kisztof approved these changes

@Steveb-p Steveb-p Steveb-p approved these changes

@alongosz alongosz alongosz approved these changes

@ciastektk ciastektk ciastektk approved these changes

@ViniTou ViniTou ViniTou approved these changes

@konradoboza konradoboza konradoboza approved these changes

Assignees

@adamwojs adamwojs

@mikadamczyk mikadamczyk

@Steveb-p Steveb-p

@alongosz alongosz

@ciastektk ciastektk

Labels
Ready for MERGE
Projects
None yet
Milestone
No milestone
10 participants
@Nattfarinn @glye @kisztof @Steveb-p @alongosz @ciastektk @ViniTou @konradoboza @adamwojs @mikadamczyk