Skip to content

Clean up token on deauthorize #3800

New issue
New issue
Closed
#3872
Closed
Clean up token on deauthorize#3800
#3872
Assignees
AlexTugarev
Labels
aspect: authenticationThis is a broad, abstract, and almost impractical category that we have yet to sort out.type: improvementImproves an existing feature or existing code
@AlexTugarev

Description

@AlexTugarev
AlexTugarev
opened on Apr 7, 2021

Bug description

When disconnecting a provider, tokens should be deleted as well.

Steps to reproduce

Go to /integrations page and disconnect a previously connected provider.

Expected behavior

No response

Example repository

No response

Related to #3754

Additional information

  • on account deletion / reconnecting with the same account the tokens will be cleaned up ✅
  • on connecting with another account (after previously disconnecting from first account) the old token remains ❌
    • in such cases, no tokens are returned (the DB interface and the getToken operation will throw an error,) thus unauthorized access is prevented ✅
    • further there is an re-authorization request in place when trying to open a workspace for the affected git provider, which will clean up the situation on success ✅

TL;DR the UX is impacted as it looks like the authorization is missing ❌

Metadata

Metadata

Assignees

Labels

aspect: authenticationThis is a broad, abstract, and almost impractical category that we have yet to sort out.type: improvementImproves an existing feature or existing code

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions