
Expire Personal Access Token when OAUTH token expires #18989

Open
@jasonvriends


Feature Description

When your OAUTH token expires, it should also change the 'is active' to disabled so the Personal Access Token no longer works. As of right now, if you log out of Gitea or no longer have access to log in, your token still works until someone manually disables your account. This does not occur with Active Directory/LDAP.

Screenshots

No response


Labels

topic/security: Something leaks user information or is otherwise vulnerable. Should be fixed!
type/proposal: The new feature has not been accepted yet but needs to be discussed first.
