Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: change comment on revokeOAuth2LoginSessions #3853

Merged
merged 1 commit into from
Oct 10, 2024
Merged

fix: change comment on revokeOAuth2LoginSessions #3853

merged 1 commit into from
Oct 10, 2024

Conversation

sakai-303
Copy link
Contributor

Related issue(s)

This is not an issue, but the related discussions can be found below.
https://github.com/orgs/ory/discussions/118

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

alnr
alnr requested changes Oct 7, 2024
View reviewed changes
Copy link
Contributor

@alnr alnr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this correct? I don't think it is. Need to look at this in detail.

@aeneasr
Copy link
Member

aeneasr commented Oct 10, 2024

This is correct, due to a cascade delete of request_id, see also: https://github.com/orgs/ory/discussions/118

@aeneasr aeneasr merged commit 6d829dd into ory:master Oct 10, 2024
29 checks passed
@aeneasr
Copy link
Member

aeneasr commented Oct 10, 2024 

CONSTRAINT hydra_oauth2_refresh_challenge_id_fk FOREIGN KEY (challenge_id) REFERENCES public.hydra_oauth2_flow(consent_challenge_id) ON DELETE CASCADE,

@alnr
Copy link
Contributor

alnr commented Oct 10, 2024

This PR is incorrect. Revoking a login session does not revoke access tokens and also does not revoke consent!

@alnr
Copy link
Contributor

alnr commented Oct 10, 2024

It also does not revoke refresh tokens.

@alnr
Copy link
Contributor

alnr commented Oct 10, 2024

Added comment in https://github.com/orgs/ory/discussions/118

alnr added a commit that referenced this pull request Oct 10, 2024
@alnr
Revert "fix: change comment on revokeOAuth2LoginSessions (#3853)"
dbedc46 
This reverts commit 6d829dd.
alnr added a commit that referenced this pull request Oct 10, 2024
@alnr
revert: change comment on revokeOAuth2LoginSessions (#3853)
de14278 
See https://github.com/orgs/ory/discussions/118
@alnr
Copy link
Contributor

alnr commented Oct 10, 2024

Revert #3858

aeneasr pushed a commit that referenced this pull request Oct 10, 2024
@alnr
revert: change comment on revokeOAuth2LoginSessions (#3853) (#3858)
8263ef4 
See https://github.com/orgs/ory/discussions/118
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alnr alnr alnr requested changes

@aeneasr aeneasr aeneasr approved these changes

@hperl hperl Awaiting requested review from hperl

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sakai-303 @aeneasr @alnr