Opened 8 years ago

Closed 6 years ago

#549 closed enhancement (fixed)

Allow users to revoke an OAuth access grant

Reported by: nyergler Owned by:
Priority: major Milestone:
Component: programming Keywords: oauth
Cc: joar, nathan@…, tsyesika Parent Tickets:

Description

Users can currently authorize an application and view the applications they've authorized, but can not revoke access. We should add support for this.

Subtickets

Change History (10)

comment:1 Changed 8 years ago by nyergler

Cc: nathan@… added
Owner: set to nyergler
Status: newaccepted

comment:2 Changed 8 years ago by nyergler

I've pushed a fix for this to my personal repo and opened a merge request: https://gitorious.org/mediagoblin/mediagoblin/merge_requests/47

comment:3 Changed 7 years ago by Christopher Allan Webber

Owner: nyergler deleted
Status: acceptedreview

comment:4 Changed 7 years ago by Christopher Allan Webber

That merge request seems to be something different, I think https://gitorious.org/~nyergler/mediagoblin/nyerglers-mediagoblin/commits/549-oauth-token-revocation is more accurate. Anyway, reviewing!

comment:5 Changed 7 years ago by Christopher Allan Webber

So far things look sane, though (my bad) this took too long to merge, so the refactoring of the view module is making it slightly difficult to fix. Trying my best though.

I'm assuming in the commit:

commit 87a4fbcdba8e6e34460868a25243c4f0b1011e18
Author: Nathan Yergler <nathan@yergler.net>
Date:   Mon Nov 26 20:12:22 2012 -0800

    Split OAuth views into modules for clarity.

there weren't any changes made to the views themselves... so I might try to do a slightly more manual merge of this by reproducing that commit with moving over the current state of those views, then cherry picking the latter two commits on top of them.

comment:6 Changed 7 years ago by Christopher Allan Webber

I got that bit taken care of. However, this is still a very tricky branch to merge properly :)

I've attempted a merge here: https://gitorious.org/~cwebber/mediagoblin/cwebbers-mediagoblin/commits/649_oauth_revocation_merge

However, it is NOT READY. This is because it adds some things to the global context that were previously necessary, but in the new iterations to the plugin system are not necessary (and probably should not be put there). I think the right way to do this is to use template hooks (which didn't exist when this branch was first done) and context hooks (which are coming with issue #623). I'm working toward that now.

comment:7 Changed 7 years ago by Christopher Allan Webber

Owner: set to Christopher Allan Webber
Status: reviewin_progress

As such I'm also claiming this ticket and marking it as in progress... at the very least, I should be able to move things over to using those tools in theory, even though I don't think I have a good workflow to test them from :)

comment:8 Changed 7 years ago by Christopher Allan Webber

Cc: tsyesika added
Owner: Christopher Allan Webber deleted
Status: in_progressaccepted

I'm removing this claim from myself. However, tsyesika should be looped in on it.. oauth stuff is being redone and I'm not sure whether this is a concern also there.

comment:9 Changed 7 years ago by Christopher Allan Webber

Owner: set to tsyesika
Status: acceptedin_progress

I'm switching this over to Tsyesika. Over IRC she says she's intending to get to this, but it's not a priority within her present work.

comment:10 Changed 6 years ago by Jessica Tallon

Owner: tsyesika deleted
Resolution: fixed
Status: in_progressclosed

This has been fixed as of 7e15632b. You can now deauthorize applications by going to "Change account settings" > "Deauthorize applications" > "Deauthorize" on the application you wish to deauthroize.

Note: See TracTickets for help on using tickets.