OAuth1
Application Authorized Multiple Times
I've been working with this plugin and noticed that an application can be listed multiple times under the "Authorized Applications" section in the user profile if access tokens are served on different occasions. Evidently, I'm not the only one to notice this issue.
My question is: are there any updates in the works regarding auto-revocation of old tokens? If not, I've written a method which will automatically delete old access tokens that match the current user/consumer ONLY when a new access token is being served.
I can create a pull request to review/test the method I've written if needed.
There does appear to be a lot of leftover/old entries in the wp_options table for request tokens and access tokens.
Something is definitely not right in how the plugin is doing its housekeeping of all that.
@kosso I didn't even notice the excess request tokens - I thought it was just access tokens. Good catch! I'm not sure if the method to remove request tokens is working correctly.
Edit: I took a look at the method which deletes request tokens. I think it's supposed to delete the request token once an access token is issued. I tested a few times and it seemed to be firing correctly. Not sure where all the request token entries are coming from. I'm assuming bad authorization attempts might be one cause of extra tokens. Any thoughts?
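The housekeeping discussed in this thread, modelled as an added example; it is not the plugin's code or the method any poster wrote. The in-memory array stands in for the token rows in wp_options, and the class name, method names, consumer names and the one-hour lifetime for unexchanged request tokens are assumptions.

```php
<?php
// Added example: in-memory model of token housekeeping; all names are hypothetical.
final class TokenStore {
    private array $rows = []; // key => [type, user, consumer, created]

    public function issueRequestToken(string $consumer, int $now): string {
        $key = bin2hex(random_bytes(12));
        $this->rows[$key] = ['type' => 'request', 'user' => null, 'consumer' => $consumer, 'created' => $now];
        return $key;
    }

    // Exchange a request token for an access token, revoking older access
    // tokens that match the same user AND the same consumer, nothing else.
    public function issueAccessToken(string $requestKey, int $user, int $now): string {
        $req = $this->rows[$requestKey] ?? null;
        if ($req === null || $req['type'] !== 'request') {
            throw new InvalidArgumentException('unknown request token');
        }
        unset($this->rows[$requestKey]); // request tokens are single use
        foreach ($this->rows as $key => $row) {
            if ($row['type'] === 'access' && $row['user'] === $user && $row['consumer'] === $req['consumer']) {
                unset($this->rows[$key]);
            }
        }
        $key = bin2hex(random_bytes(12));
        $this->rows[$key] = ['type' => 'access', 'user' => $user, 'consumer' => $req['consumer'], 'created' => $now];
        return $key;
    }

    // Remove request tokens that were never exchanged within $ttl seconds,
    // which is what an abandoned or failed authorization attempt leaves behind.
    public function purgeStaleRequestTokens(int $now, int $ttl): int {
        $before = count($this->rows);
        $this->rows = array_filter($this->rows, fn($r) => $r['type'] !== 'request' || $now - $r['created'] < $ttl);
        return $before - count($this->rows);
    }

    public function count(string $type): int {
        return count(array_filter($this->rows, fn($r) => $r['type'] === $type));
    }
}

// Constructed scenario: user 7 authorizes app-a twice, then app-b; user 8 authorizes app-a.
$s = new TokenStore();
$s->issueAccessToken($s->issueRequestToken('app-a', 1000), 7, 1000);
$s->issueAccessToken($s->issueRequestToken('app-a', 1010), 7, 1010); // replaces the first token
$s->issueAccessToken($s->issueRequestToken('app-b', 1020), 7, 1020); // other consumer: kept
$s->issueAccessToken($s->issueRequestToken('app-a', 1030), 8, 1030); // other user: kept
$s->issueRequestToken('app-a', 1040);                                // abandoned attempt
printf("access=%d request=%d purged=%d\n", $s->count('access'), $s->count('request'), $s->purgeStaleRequestTokens(4640, 3600));
```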