mattermost-plugin-github icon indicating copy to clipboard operation
mattermost-plugin-github copied to clipboard

Published 20 hours ago verified publisher icon mattermost

Plugin should avoid using revoked tokens

Open mickmister opened this issue 3 years ago • 3 comments

If we perform an API request using a user's token, and we receive a response noting that the token is revoked, we should:

  • delete the token from the KV store, declaring the user as disconnected
  • and notify the user via DM that their token has been revoked, and that they will need to reconnect their account in order to use the plugin

cc @aaronrothschild for this approach

Issue created from a Mattermost message by @thiefmaster.

mickmister avatar Sep 27 '21 17:09 mickmister

Approach seems fine to me, please include a link for the user to follow in the notification we send that let's them easily re-auth their account without much thinking.

aaronrothschild avatar Sep 27 '21 18:09 aaronrothschild

I would like to work on this

aelishRollo avatar Oct 02 '21 04:10 aelishRollo

It's all yours, thanks @aelishRollo! 👍🤫

mickmister avatar Oct 04 '21 02:10 mickmister