Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revoke GitHub token on sign out #152055

Closed
joshaber opened this issue Jun 14, 2022 · 1 comment · Fixed by #188111
Closed

Revoke GitHub token on sign out #152055

joshaber opened this issue Jun 14, 2022 · 1 comment · Fixed by #188111
Assignees
@TylerLeonhardt
Labels
authentication Issues with the Authentication platform feature-request Request for new features or functionality insiders-released Patch has been released in VS Code Insiders on-testplan
Milestone
July 2023

Comments

@joshaber
Copy link
Member

Currently signing out of your GitHub account only removes the token from the secret store but the token continues to be valid, which means that if it was leaked the attacker can continue to make use of it.

To mitigate this, VS Code should revoke the token on sign out, see this API: https://docs.github.com/en/rest/apps/oauth-applications#delete-an-app-token
@TylerLeonhardt
Copy link
Member

I wish this API didn't require the client secret...

@TylerLeonhardt TylerLeonhardt added bug Issue identified by VS Code Team member as probable bug authentication Issues with the Authentication platform labels Jun 17, 2022
@TylerLeonhardt TylerLeonhardt added this to the Backlog milestone Jun 17, 2022
@TylerLeonhardt TylerLeonhardt modified the milestones: Backlog, June 2023 May 28, 2023
@kieferrm kieferrm mentioned this issue Jun 11, 2023
Closed
74 tasks
@TylerLeonhardt TylerLeonhardt modified the milestones: June 2023, Backlog Jun 27, 2023
@TylerLeonhardt TylerLeonhardt added feature-request Request for new features or functionality and removed bug Issue identified by VS Code Team member as probable bug labels Jun 27, 2023
@kieferrm kieferrm mentioned this issue Jul 9, 2023
Closed
54 tasks
TylerLeonhardt added a commit that referenced this issue Jul 17, 2023
@TylerLeonhardt
Try to revoke tokens that are getting deleted
ac27273 
Best effort.

Fixes #152055
@TylerLeonhardt TylerLeonhardt mentioned this issue Jul 17, 2023
Merged
@TylerLeonhardt TylerLeonhardt modified the milestones: Backlog, July 2023 Jul 17, 2023
@vscodenpa vscodenpa added unreleased Patch has not yet been released in VS Code Insiders insiders-released Patch has been released in VS Code Insiders and removed unreleased Patch has not yet been released in VS Code Insiders labels Jul 17, 2023
@TylerLeonhardt TylerLeonhardt mentioned this issue Jul 21, 2023
Closed
3 tasks
@github-actions github-actions bot locked and limited conversation to collaborators Aug 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@TylerLeonhardt TylerLeonhardt

Labels
authentication Issues with the Authentication platform feature-request Request for new features or functionality insiders-released Patch has been released in VS Code Insiders on-testplan
Projects
None yet
Milestone
July 2023
Development

Successfully merging a pull request may close this issue.

Try to revoke tokens that are getting deleted microsoft/vscode
3 participants
@joshaber @TylerLeonhardt @vscodenpa