Delete OAuth 2.0 access tokens on password change
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	• eprodromou
	Oct 4 2019, 4:42 PM

Description

"As a User, I want to delete all access tokens when I change my password, so that applications need to re-authorize."

This is a best practice in the OAuth 2.0 world, based on the assumption that the user needed to change their password because they're concerned about a security breach.

Related Objects
Search...

Status	Assigned	Task
Invalid	None	T229661 Core REST API in MediaWiki
Resolved	• eprodromou	T234665 Add OAuth 2.0 support to MediaWiki REST API
Open	None	T234674 Delete OAuth 2.0 access tokens on password change

Event Timeline

• eprodromou created this task.Oct 4 2019, 4:42 PM

• eprodromou removed a subscriber: sbassett.Oct 4 2019, 6:52 PM

Google does this. https://support.google.com/a/answer/6328616?hl=en

CCicalese_WMF edited projects, added Platform Team Initiatives (MW REST API in PHP); removed Platform Team Initiatives (OAuth 2.0).Mar 18 2020, 9:48 PM

Aklapper removed EvanProdromou as the assignee of this task.May 25 2021, 8:39 PM

Aklapper added a subscriber: EvanProdromou.

Adding missing MediaWiki-REST-API code project tag as Platform Team Initiatives (MW REST API in PHP) team tag is archived and its parent Platform Engineering team does not exist anymore

Delete OAuth 2.0 access tokens on password changeOpen, Needs TriagePublicActions

Description

Related ObjectsSearch...

Event Timeline

Delete OAuth 2.0 access tokens on password change
Open, Needs TriagePublic
Actions

Related Objects
Search...