Opened 10 years ago
Closed 8 years ago
#549 closed enhancement (fixed)
Allow users to revoke an OAuth access grant
Reported by: | nyergler | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | programming | Keywords: | oauth |
Cc: | joar, nathan@…, tsyesika | Parent Tickets: |
Description
Users can currently authorize an application and view the applications they've authorized, but can not revoke access. We should add support for this.
Subtickets
Change History (10)
comment:1 Changed 10 years ago by
Cc: | nathan@… added |
---|---|
Owner: | set to nyergler |
Status: | new → accepted |
comment:2 Changed 10 years ago by
comment:3 Changed 10 years ago by
Owner: | nyergler deleted |
---|---|
Status: | accepted → review |
comment:4 Changed 10 years ago by
That merge request seems to be something different, I think https://gitorious.org/~nyergler/mediagoblin/nyerglers-mediagoblin/commits/549-oauth-token-revocation is more accurate. Anyway, reviewing!
comment:5 Changed 10 years ago by
So far things look sane, though (my bad) this took too long to merge, so the refactoring of the view module is making it slightly difficult to fix. Trying my best though.
I'm assuming in the commit:
commit 87a4fbcdba8e6e34460868a25243c4f0b1011e18 Author: Nathan Yergler <nathan@yergler.net> Date: Mon Nov 26 20:12:22 2012 -0800 Split OAuth views into modules for clarity.
there weren't any changes made to the views themselves... so I might try to do a slightly more manual merge of this by reproducing that commit with moving over the current state of those views, then cherry picking the latter two commits on top of them.
comment:6 Changed 10 years ago by
I got that bit taken care of. However, this is still a very tricky branch to merge properly :)
I've attempted a merge here: https://gitorious.org/~cwebber/mediagoblin/cwebbers-mediagoblin/commits/649_oauth_revocation_merge
However, it is NOT READY. This is because it adds some things to the global context that were previously necessary, but in the new iterations to the plugin system are not necessary (and probably should not be put there). I think the right way to do this is to use template hooks (which didn't exist when this branch was first done) and context hooks (which are coming with issue #623). I'm working toward that now.
comment:7 Changed 10 years ago by
Owner: | set to Christopher Allan Webber |
---|---|
Status: | review → in_progress |
As such I'm also claiming this ticket and marking it as in progress... at the very least, I should be able to move things over to using those tools in theory, even though I don't think I have a good workflow to test them from :)
comment:8 Changed 10 years ago by
Cc: | tsyesika added |
---|---|
Owner: | Christopher Allan Webber deleted |
Status: | in_progress → accepted |
I'm removing this claim from myself. However, tsyesika should be looped in on it.. oauth stuff is being redone and I'm not sure whether this is a concern also there.
comment:9 Changed 10 years ago by
Owner: | set to tsyesika |
---|---|
Status: | accepted → in_progress |
I'm switching this over to Tsyesika. Over IRC she says she's intending to get to this, but it's not a priority within her present work.
comment:10 Changed 8 years ago by
Owner: | tsyesika deleted |
---|---|
Resolution: | → fixed |
Status: | in_progress → closed |
This has been fixed as of 7e15632b. You can now deauthorize applications by going to "Change account settings" > "Deauthorize applications" > "Deauthorize" on the application you wish to deauthroize.
I've pushed a fix for this to my personal repo and opened a merge request: https://gitorious.org/mediagoblin/mediagoblin/merge_requests/47