Page MenuHomePhabricator

Provide "bin/auth revoke" with a revoker for Conduit tokens
ClosedPublic

Authored by epriestley on Mar 3 2017, 10:22 PM.
Tags
None
Referenced Files
F15418976: D17458.diff
Fri, Mar 21, 2:46 AM
F15418210: D17458.id.diff
Thu, Mar 20, 9:34 PM
F15410246: D17458.diff
Wed, Mar 19, 6:56 AM
F15383163: D17458.diff
Fri, Mar 14, 3:42 PM
F15358639: D17458.id41983.diff
Tue, Mar 11, 7:23 AM
Unknown Object (File)
Feb 25 2025, 8:53 PM
Unknown Object (File)
Feb 25 2025, 4:41 PM
Unknown Object (File)
Feb 18 2025, 4:32 AM
Subscribers
None

Details

Summary

Ref T12313. This puts a UI on revoking credentials after a widespread compromise like Cloudbleed or a local one like copy/pasting a token into public chat.

For now, I'm only providing a revoker for conduit tokens since that's the immediate use case.

Test Plan
  • Revoked in user + type, everything + user, everywhere + type, and everything + everywhere modes.
  • Verified that conduit tokens were destroyed in all cases.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable