Opened 11 years ago
Closed 9 years ago
#549 closed enhancement (fixed)
Allow users to revoke an OAuth access grant
|Reported by:||nyergler||Owned by:|
|Cc:||joar, nathan@…, tsyesika||Parent Tickets:|
Users can currently authorize an application and view the applications they've authorized, but can not revoke access. We should add support for this.
Change History (10)
comment:1 by , 11 years ago
|Status:||new → accepted|
comment:2 by , 11 years ago
comment:3 by , 10 years ago
|Status:||accepted → review|
comment:4 by , 10 years ago
That merge request seems to be something different, I think https://gitorious.org/~nyergler/mediagoblin/nyerglers-mediagoblin/commits/549-oauth-token-revocation is more accurate. Anyway, reviewing!
comment:5 by , 10 years ago
So far things look sane, though (my bad) this took too long to merge, so the refactoring of the view module is making it slightly difficult to fix. Trying my best though.
I'm assuming in the commit:
commit 87a4fbcdba8e6e34460868a25243c4f0b1011e18 Author: Nathan Yergler <firstname.lastname@example.org> Date: Mon Nov 26 20:12:22 2012 -0800 Split OAuth views into modules for clarity.
there weren't any changes made to the views themselves... so I might try to do a slightly more manual merge of this by reproducing that commit with moving over the current state of those views, then cherry picking the latter two commits on top of them.
comment:6 by , 10 years ago
I got that bit taken care of. However, this is still a very tricky branch to merge properly :)
I've attempted a merge here: https://gitorious.org/~cwebber/mediagoblin/cwebbers-mediagoblin/commits/649_oauth_revocation_merge
However, it is NOT READY. This is because it adds some things to the global context that were previously necessary, but in the new iterations to the plugin system are not necessary (and probably should not be put there). I think the right way to do this is to use template hooks (which didn't exist when this branch was first done) and context hooks (which are coming with issue #623). I'm working toward that now.
comment:7 by , 10 years ago
|Status:||review → in_progress|
As such I'm also claiming this ticket and marking it as in progress... at the very least, I should be able to move things over to using those tools in theory, even though I don't think I have a good workflow to test them from :)
comment:8 by , 10 years ago
|Status:||in_progress → accepted|
I'm removing this claim from myself. However, tsyesika should be looped in on it.. oauth stuff is being redone and I'm not sure whether this is a concern also there.
comment:9 by , 10 years ago
|Status:||accepted → in_progress|
I'm switching this over to Tsyesika. Over IRC she says she's intending to get to this, but it's not a priority within her present work.
comment:10 by , 9 years ago
|Status:||in_progress → closed|
This has been fixed as of 7e15632b. You can now deauthorize applications by going to "Change account settings" > "Deauthorize applications" > "Deauthorize" on the application you wish to deauthroize.
I've pushed a fix for this to my personal repo and opened a merge request: https://gitorious.org/mediagoblin/mediagoblin/merge_requests/47