-
Notifications
You must be signed in to change notification settings - Fork 28.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revoke GitHub token on sign out #152055
Labels
authentication
Issues with the Authentication platform
feature-request
Request for new features or functionality
insiders-released
Patch has been released in VS Code Insiders
on-testplan
Milestone
Comments
I wish this API didn't require the client secret... |
TylerLeonhardt
added
bug
Issue identified by VS Code Team member as probable bug
authentication
Issues with the Authentication platform
labels
Jun 17, 2022
TylerLeonhardt
added
feature-request
Request for new features or functionality
and removed
bug
Issue identified by VS Code Team member as probable bug
labels
Jun 27, 2023
VSCodeTriageBot
added
unreleased
Patch has not yet been released in VS Code Insiders
insiders-released
Patch has been released in VS Code Insiders
and removed
unreleased
Patch has not yet been released in VS Code Insiders
labels
Jul 17, 2023
3 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
authentication
Issues with the Authentication platform
feature-request
Request for new features or functionality
insiders-released
Patch has been released in VS Code Insiders
on-testplan
Currently signing out of your GitHub account only removes the token from the secret store but the token continues to be valid, which means that if it was leaked the attacker can continue to make use of it.
To mitigate this, VS Code should revoke the token on sign out, see this API: https://docs.github.com/en/rest/apps/oauth-applications#delete-an-app-token
The text was updated successfully, but these errors were encountered: