[openstreetmap/openstreetmap-website] Add revoke endpoint for OAuth2 (Issue #3412)
Robbendebiene
notifications at github.com
Mon Jan 10 13:44:51 UTC 2022
Sorry for not making my self clear. I'm not using OSM oauth2 as a login scheme for a personal site. I'm working on some kind of OSM-Editor (native App) who provides the option to upload edits via an OSM account. The authentication is managed/done via OAuth2. So I'm talking about
> an application "logging out" of access to openstreetmap.org
I'd agree that logout doesn't **necessarily** require token revoking. I guess it is the same debate about just clearing a session cookie / removing it from the browser or doing an actual "logout" request to the server which cleans and revokes the session on the server side. One might argue that the latter is more clean and potentially more secure.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3412#issuecomment-1008887325
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/3412/1008887325 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20220110/4ff810f8/attachment.htm>
More information about the rails-dev
mailing list