Clarify behavior of secret reset
Open, HighPublic
Actions

Assigned To

None

Authored By

	apaskulin
	Jan 9 2021, 3:51 AM

Description

Clarify the following OAuth 2.0 behaviors and communicate them in the API Portal. (This should also be clarified in the docs on Meta and mediawiki.org; see T271606.)

When resetting the token for an owner-only client, is the old token invalidated?
When resetting the secret for a non-owner-only client, is the old client secret invalidated? Are active access tokens invalidated?

Related Objects

Mentioned In: T268179: Confirmation dialog for reset client secret
Mentioned Here: T271606: Create a proposal for organizing OAuth docs between Meta, mediawiki.org, and the API Portal

Event Timeline

apaskulin created this task.Jan 9 2021, 3:51 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 9 2021, 3:51 AM

apaskulin triaged this task as High priority.Jan 9 2021, 4:14 AM

apaskulin moved this task from Backlog to Content on the API-Portal board.

Lslsxxo subscribed.Jan 9 2021, 11:46 AM

• sdkim mentioned this in T268179: Confirmation dialog for reset client secret.Dec 3 2021, 4:49 PM

Clarify behavior of secret resetOpen, HighPublicActions

Description

Related Objects

Event Timeline

Clarify behavior of secret reset
Open, HighPublic
Actions