Page MenuHomePhabricator

Delete OAuth 2.0 access tokens on password change
Open, Needs TriagePublic


"As a User, I want to delete all access tokens when I change my password, so that applications need to re-authorize."

This is a best practice in the OAuth 2.0 world, based on the assumption that the user needed to change their password because they're concerned about a security breach.