Plugin should avoid using revoked tokens #261
Comments
I would like to work on this.
Great! Thank you @MatthewDorner!
I'm adding checks for the But I'm afraid it is complicating the error handling code in
where the second
Just waiting to see the resolution of #298, but may have another issue. In the case where the token is revoked AND expired, the attempt to renew the token will fail and there, I would like to Disconnect the account and DM the user. However, the call to I don't think this should block #298 but wondering if this will require some more extensive refactoring
I was trying to see what specific need prompted this Issue, but the link doesn't work for me.
Ping :)
I'd say the "specific need" is simply being a "polite API user". Repeating requests with a token you know is no longer valid is not nice. Some APIs might even (rightfully!) block/throttle you if a client does this too often (luckily GitLab doesn't). It also spams my log file with errors about the invalid tokens, which makes it hard to see if there's anything useful in the log file.
We are in the process of a fix that involves automatically disconnecting users that try to use an expired token, and pinging them to reconnect their account.
Besides there not being an option to get a list of users who use the plugin / have invalid tokens, I don't think that scales well (I'd have to
If we perform an API request using a user's token, and we receive a response noting that the token is revoked, we should:
Issue created from a Mattermost message by @thiefmaster.
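One way to get the behavior discussed in this thread (stop reusing a rejected token, attempt one renewal, then disconnect and DM the user), written as an added example that is not the plugin's own code. `TokenGuard`, `Refresh`, `Notify` and the in-memory `Tokens` map are hypothetical stand-ins, and the sketch assumes the API signals a revoked or expired token with HTTP 401.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrDisconnected: no usable token is stored, so the API must not be contacted.
var ErrDisconnected = errors.New("account disconnected: reconnect required")

// TokenGuard is a hypothetical wrapper; add a mutex before using it concurrently.
type TokenGuard struct {
	Tokens  map[string]string                   // userID -> token, stand-in for the KV store
	Refresh func(userID string) (string, error) // hypothetical renewal hook
	Notify  func(userID, msg string)            // hypothetical DM hook
}

// Do runs call with the user's token. A 401 triggers one renewal attempt; if
// renewal fails or the renewed token is also rejected, the token is deleted and
// the user is DM'd once. Later calls then fail locally with ErrDisconnected.
func (g *TokenGuard) Do(userID string, call func(token string) (int, error)) error {
	tok, ok := g.Tokens[userID]
	if !ok {
		return ErrDisconnected
	}
	status, err := call(tok)
	if err == nil && status == http.StatusUnauthorized {
		var rerr error
		if tok, rerr = g.Refresh(userID); rerr == nil {
			g.Tokens[userID] = tok
			status, err = call(tok)
		}
		if rerr != nil || (err == nil && status == http.StatusUnauthorized) {
			delete(g.Tokens, userID)
			g.Notify(userID, "Your token is no longer valid. Please reconnect your account.")
			return ErrDisconnected
		}
	}
	if err == nil && status >= 400 {
		err = fmt.Errorf("API returned status %d", status)
	}
	return err // a transport failure says nothing about token validity
}

func main() {
	g := &TokenGuard{Tokens: map[string]string{}}
	fmt.Println(g.Do("u1", nil)) // no stored token: fails locally, no request made
}
```

Because the token is deleted on the first confirmed rejection, the error log gets one entry per revoked token instead of one per request.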