Plugin should avoid using revoked tokens

mattermost / mattermost-plugin-github

GitHub plugin for Mattermost

Apache License 2.0

157 stars 150 forks source link

Plugin should avoid using revoked tokens #483

Open mickmister opened 3 years ago

mickmister commented 3 years ago

If we perform an API request using a user's token, and we receive a response noting that the token is revoked, we should:

delete the token from the KV store, declaring the user as disconnected
and notify the user via DM that their token has been revoked, and that they will need to reconnect their account in order to use the plugin

cc @aaronrothschild for this approach

_Issue created from a Mattermost message by @thiefmaster._

aaronrothschild commented 3 years ago

Approach seems fine to me, please include a link for the user to follow in the notification we send that let's them easily re-auth their account without much thinking.

aelishRollo commented 3 years ago

I would like to work on this

mickmister commented 3 years ago

It's all yours, thanks @aelishRollo! 👍🤫