[openstreetmap/openstreetmap-website] Add revoke endpoint for OAuth2 (Issue #3412)
Robbendebiene
notifications at github.com
Mon Jan 10 12:57:40 UTC 2022
### Description
Currently there is no way to [revoke an access token](https://oauth.net/2/token-revocation/). Applications who want to provide a proper logout option rely on such functionality. If they just "throw away" the access token then in theory the token can still be (ab)used.
The standard doorkeeper configuration uses the `/oauth2/revoke` endpoint, but it seems like it is not enabled for openstreetmap?
### Screenshots
_No response_
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3412
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/3412 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20220110/6ba2d8e6/attachment.htm>
More information about the rails-dev
mailing list