Page MenuHomePhabricator

Provide "bin/auth revoke" with a revoker for Conduit tokens
ClosedPublic

Authored by epriestley on Mar 3 2017, 10:22 PM.

Details

Summary

Ref T12313. This puts a UI on revoking credentials after a widespread compromise like Cloudbleed or a local one like copy/pasting a token into public chat.

For now, I'm only providing a revoker for conduit tokens since that's the immediate use case.

Test Plan
  • Revoked in user + type, everything + user, everywhere + type, and everything + everywhere modes.
  • Verified that conduit tokens were destroyed in all cases.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Mar 3 2017, 10:22 PM
chad accepted this revision.Mar 3 2017, 10:29 PM
This revision is now accepted and ready to land.Mar 3 2017, 10:29 PM
This revision was automatically updated to reflect the committed changes.