Skip to content
This repository has been archived by the owner on Aug 27, 2024. It is now read-only.

Token revocation scenario #23

Closed
prayerslayer opened this issue Mar 3, 2016 · 3 comments
Closed

Token revocation scenario #23

prayerslayer opened this issue Mar 3, 2016 · 3 comments
Labels
enhancement wontfix

Comments

@prayerslayer
Copy link
Contributor

In worst case we would have to revoke all access tokens we got via Github web UI and delete them from our database.

Think of a way to restore functionality with minimal user effort (ie ideally not more than logging in).
@mfellner
Copy link
Contributor

mfellner commented Mar 3, 2016
edited
Loading

Given #25 we are going to store a valid token with each check when it is enabled.

  • Tokens are initially created when users log in and complete the OAUTH flow
  • No additional tokens are created
  • We can revoke all those user tokens through the Github application settings
  • Users cannot revoke these tokens themselves (only the complete application access)

Given these facts, the general flow would be:

  1. revoke user tokens in the application settings
  2. delete all user sessions in the database
  3. users are forced to log in again, going through the OAUTH flow
  4. We add the new tokens to any already enabled checks (not yet implemented)

@mfellner mfellner modified the milestones: Sprint 2, Sprint 3 Mar 3, 2016
@mfellner mfellner removed this from the Sprint 3 milestone Apr 15, 2016
@LappleApple
Copy link
Contributor

Hey @prayerslayer @mfellner @spaudanjo, can we close this issue? It dates back to March 2016.

Or, we could add a "Help Wanted" label.

@mawenzel
Copy link

Cleaned up during backlog grooming

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@prayerslayer @mfellner @LappleApple @mawenzel