cannot "log out" with a read-only token

Open liggitt opened this issue 9 years ago • 8 comments

  1. Request an OAuth token with scope user:info user:list-projects
  2. Use the token in the cli (oc login --token=<token>)
  3. Attempt to log out (oc logout)

The log out attempts to delete the token, and is forbidden, so the token remains valid against the API.

I'm not sure whether this is the behavior we want or not, but it was a little unexpected. We should decide whether we want to issue tokens that cannot be revoked by the bearer.

cc @deads2k

Aug 12 '16 16:08 liggitt

> I'm not sure whether this is the behavior we want or not, but it was a little unexpected. We should decide whether we want to issue tokens that cannot be revoked by the bearer.

Well, given that otherwise there's actually no way to do it (a user can't delete one token using another), that choice may be forced.

Aug 12 '16 16:08 deads2k

> a user can't delete one token using another

oc delete oauthaccesstokens <readonlytoken> --token=<fulltoken> works

Aug 12 '16 17:08 liggitt

@liggitt is this now a documentation issue (we need to tell the user how a read-only token can be deleted?)

Aug 31 '16 08:08 mfojtik

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

Feb 22 '18 05:02 openshift-bot

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

Mar 24 '18 05:03 openshift-bot

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Apr 23 '18 05:04 openshift-bot

/unassign

@stlaz @sttts @mfojtik

Oct 16 '19 15:10 enj

Curious if I could try to resolve this issue. I'm fairly new to software engineering but would like to take on some open source projects.

@enj is this just a documentation issue?

Sep 08 '22 17:09 Tasups