Opened 11 years ago

Closed 9 years ago

#549 closed enhancement (fixed)

Allow users to revoke an OAuth access grant

Reported by: nyergler Owned by:
Priority: major Milestone:
Component: programming Keywords: oauth
Cc: joar, nathan@…, tsyesika Parent Tickets:

Description

Users can currently authorize an application and view the applications they've authorized, but can not revoke access. We should add support for this.

Change History (10)

comment:1 by nyergler, 11 years ago

Cc: nathan@… added
Owner: set to nyergler
Status: newaccepted

comment:2 by nyergler, 11 years ago

I've pushed a fix for this to my personal repo and opened a merge request: https://gitorious.org/mediagoblin/mediagoblin/merge_requests/47

comment:3 by Christopher Allan Webber, 10 years ago

Owner: nyergler removed
Status: acceptedreview

comment:4 by Christopher Allan Webber, 10 years ago

That merge request seems to be something different, I think https://gitorious.org/~nyergler/mediagoblin/nyerglers-mediagoblin/commits/549-oauth-token-revocation is more accurate. Anyway, reviewing!

comment:5 by Christopher Allan Webber, 10 years ago

So far things look sane, though (my bad) this took too long to merge, so the refactoring of the view module is making it slightly difficult to fix. Trying my best though.

I'm assuming in the commit:

commit 87a4fbcdba8e6e34460868a25243c4f0b1011e18
Author: Nathan Yergler <nathan@yergler.net>
Date:   Mon Nov 26 20:12:22 2012 -0800

    Split OAuth views into modules for clarity.

there weren't any changes made to the views themselves... so I might try to do a slightly more manual merge of this by reproducing that commit with moving over the current state of those views, then cherry picking the latter two commits on top of them.

comment:6 by Christopher Allan Webber, 10 years ago

I got that bit taken care of. However, this is still a very tricky branch to merge properly :)

I've attempted a merge here: https://gitorious.org/~cwebber/mediagoblin/cwebbers-mediagoblin/commits/649_oauth_revocation_merge

However, it is NOT READY. This is because it adds some things to the global context that were previously necessary, but in the new iterations to the plugin system are not necessary (and probably should not be put there). I think the right way to do this is to use template hooks (which didn't exist when this branch was first done) and context hooks (which are coming with issue #623). I'm working toward that now.

comment:7 by Christopher Allan Webber, 10 years ago

Owner: set to Christopher Allan Webber
Status: reviewin_progress

As such I'm also claiming this ticket and marking it as in progress... at the very least, I should be able to move things over to using those tools in theory, even though I don't think I have a good workflow to test them from :)

comment:8 by Christopher Allan Webber, 10 years ago

Cc: tsyesika added
Owner: Christopher Allan Webber removed
Status: in_progressaccepted

I'm removing this claim from myself. However, tsyesika should be looped in on it.. oauth stuff is being redone and I'm not sure whether this is a concern also there.

comment:9 by Christopher Allan Webber, 10 years ago

Owner: set to tsyesika
Status: acceptedin_progress

I'm switching this over to Tsyesika. Over IRC she says she's intending to get to this, but it's not a priority within her present work.

comment:10 by Jessica Tallon, 9 years ago

Owner: tsyesika removed
Resolution: fixed
Status: in_progressclosed

This has been fixed as of 7e15632b. You can now deauthorize applications by going to "Change account settings" > "Deauthorize applications" > "Deauthorize" on the application you wish to deauthroize.

Note: See TracTickets for help on using tickets.