Add logout command
#23
Conversation
|
Thanks for the PR @waits! I'd prefer we actually invalidate the credentials rather than simply remove them locally. But I don't work on the API, so I can't commit to such a SDK call being added. |
|
Should I just make an HTTP request to |
|
Yeah revoke is probably what you want. Though that does complicate the behavior somewhat, because dbxcli actually uses three separate tokens depending on what API is being accessed. So revoke would have to revoke all of those tokens. |
|
Added that in 62490f1. I'm guessing people would expect it to log out of all accounts (if applicable) at once, so it sends one request per saved token. |
| const revokeURL = "https://api.dropboxapi.com/2/auth/token/revoke" | ||
|
|
||
| // Sends a POST request to /auth/token/revoke to revoke the given API token. | ||
| func revoke(tok string) error { |
There was a problem hiding this comment.
The SDK already has a auth.TokenRevoke API that you can use. See initDbx in root.go on how to use options.Domain to get a Client object. Once you have that, you can simply call TokenRevoke on the object for each registered domain.
There was a problem hiding this comment.
@diwakergupta Where is this TokenRevoke method defined? I can't find anything like that searching the source or godoc. The auth package is empty, and the Api interface that Client returns doesn't mention it either.
I used raw HTTP requests the first time around since I couldn't find a method for the revoke API, but I'll gladly use an official method if it exits. If it's supposed to exist but hasn't been written yet I can even make a PR for the SDK to add it.
|
@waits ah seems like I jumped the gun. The API method is defined here: https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke But it doesn't exist in the public Go SDK yet. I have it in my private branch seems like. Let me try to push an update over the weekend! Sorry for the confusion. |
|
OK @waits, thanks for your patience. Took more work than I anticipated, but I finally have updated the SDK and updated the vendor-ed dependency as well: https://github.com/dropbox/dropbox-sdk-go-unofficial/blob/master/auth/interface.go#L30 Can you rebase and re-work this PR? Thanks! |
|
@waits FYI I pushed some breaking changes to the SDK. The revoke call now lives at https://github.com/dropbox/dropbox-sdk-go-unofficial/blob/master/auth/client.go Note that you'll have to vendor in the |
The `logout` command deletes the saved access tokens, logging the user out of all accounts (personal and team). Closes dropbox#16.
|
@diwakergupta Thanks for adding that to the SDK. I switched I squashed my original second commit (that manually sent a POST request to |
|
@waits I believe the build is failing because of a missing dependency: the |
|
Strange, same problem. I vendored |
|
@waits your commit doesn't actually add the auth package -- only updates vendor.json. Did you run |
|
Alright, I fixed it up. Thanks @waits ! |
|
@diwakergupta Thanks! Yes I ran |
The
logoutcommand deletes the saved access tokens inauth.json, logging the user out of all accounts (personal and team).Rationale: This is needed in order to revoke access to your account, which is important for users on a shared compared or with multiple accounts.
I feel like we should also make a call to
/auth/token/revoketo permanently revoke the token that was in use, just in case (especially since they never expire). I couldn't find any way of doing that in the SDK, though, so we'd have to wait for that to be added or just make a raw HTTP request.