request #15065 Changing password should revoke all OAuth2 tokens

Artifact

Infos

Artifact ID#15065

Submitted byThomas Gerbet (tgerbet)

Last Modified On2020-07-07 10:30

Submitted on2020-07-03 14:01

Rank16334

Details

Summary *

Changing password should revoke all OAuth2 tokens

Original Submission

If a user's account is compromised by an attacker, the attacker could try to persist some of its accesses by registering an evil OAuth2 app into the account. By revoking all the ongoing OAuth2 tokens we make sure the user has purposely wanted to share its access with the app at least once.

CategoryOAuth2 / OpenID Connect server

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2020-07-07

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #14817	Tuleap	Releases	11.17	Delivered	2020-07-23 10:57	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #15065

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/47/19447/3' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 2ae36ef0c2

Joris MASSON (jmasson) , 2020-07-07 10:28

request #15065: Changing password should revoke all OAuth2 tokens b88cbd3979

Thomas Gerbet (tgerbet) , 2020-07-07 09:29

Show items referenced by request #15065

Referenced by request #15065

Artifact Tracker v5

rel #14817 11.17

Other

Follow-ups

Joris MASSON (jmasson)

2020-07-07 10:30

gerrit #19447 integrated into Tuleap 11.16.99.91

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #14817
Close date set to 2020-07-07

Thomas Gerbet (tgerbet)

2020-07-03 15:05

Patch under review: gerrit #19447.

Status changed from Under implementation to Under review