Skip to content

Clean up token on deauthorize #3800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
AlexTugarev opened this issue Apr 7, 2021 · 0 comments · Fixed by #3872
Closed

Clean up token on deauthorize #3800

AlexTugarev opened this issue Apr 7, 2021 · 0 comments · Fixed by #3872
Assignees
@AlexTugarev
Labels
aspect: authentication This is a broad, abstract, and almost impractical category that we have yet to sort out. type: improvement Improves an existing feature or existing code

Comments

@AlexTugarev
Copy link
Member

Bug description

When disconnecting a provider, tokens should be deleted as well.

Steps to reproduce

Go to /integrations page and disconnect a previously connected provider.

Expected behavior

No response

Example repository

No response

Related to #3754

Additional information

  • on account deletion / reconnecting with the same account the tokens will be cleaned up ✅
  • on connecting with another account (after previously disconnecting from first account) the old token remains ❌
    • in such cases, no tokens are returned (the DB interface and the getToken operation will throw an error,) thus unauthorized access is prevented ✅
    • further there is an re-authorization request in place when trying to open a workspace for the affected git provider, which will clean up the situation on success ✅

TL;DR the UX is impacted as it looks like the authorization is missing ❌
@AlexTugarev AlexTugarev mentioned this issue Apr 7, 2021
Closed
24 tasks
@csweichel csweichel added aspect: authentication This is a broad, abstract, and almost impractical category that we have yet to sort out. type: improvement Improves an existing feature or existing code labels Apr 8, 2021
@csweichel csweichel added this to the [backlog] April 2021 milestone Apr 8, 2021
@AlexTugarev AlexTugarev mentioned this issue Apr 9, 2021
Merged
@AlexTugarev AlexTugarev self-assigned this Apr 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexTugarev AlexTugarev

Labels
aspect: authentication This is a broad, abstract, and almost impractical category that we have yet to sort out. type: improvement Improves an existing feature or existing code
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

clean up tokens on deauthorize gitpod-io/gitpod
2 participants
@AlexTugarev @csweichel