Test: GitHub token revocation

[TylerLeonhardt]

Refs: #152055

• anyOS @anthonykim1
• anyOS: @alexr00 (Hosted GitHub Enterprise, not GHES)
• web @lramos15 (mint the token & sign out in insiders.vscode.dev)

Complexity: 3

Create Issue

---

When the user signs out of their GitHub account in VS Code, the tokens tied to this account use to only be deleted from the keyring. They were, however, still valid tokens and thus could still be used to make requests.

This iteration we now call out to GitHub's API to delete these tokens on the server side so that they can no longer work.

To test this, do the following:

1. Download my VS Code extension called Fugio that makes it easy to mint tokens
2. Run: Fugio: Mint Token and choose github (or github-enterprise) and then put in user as the scope
3. Copy the token and paste it into the following PowerShell script:

$myToken = "PASTE TOKEN HERE"
$githubBase = 'github.com'

try {
	Invoke-RestMethod -Uri "https://api.$githubBase/user" -Headers @{ "Authorization" = "Token $myToken" }
	Write-Output "Token is valid"
} catch {
	$_
	Write-Output "Token is invalid"
}

@alexr00 you will put your GHE base url instead of github.com

4. Run the script an ensure it returns Token is valid
5. Now sign out of this account in VS Code
6. Run the script a 2nd time... this time it should return Token is invalid

Btw, this is a best effort operation because that is just the nature of the beast of this needing to run on the client's machine... but at least we are doing something now, rather than nothing at all.