feat: ability to revoke CI tokens generated by `login:ci`

shorebirdtech / shorebird

Code Push for Flutter and other tools for Flutter businesses.

https://shorebird.dev

Other

1.97k stars 118 forks source link

feat: ability to revoke CI tokens generated by `login:ci` #1941

Open bryanoltman opened 3 weeks ago

bryanoltman commented 3 weeks ago

Description

This would involve us implementing a layer of token management on our side instead of treating CI tokens as raw credentials.

Requirements

[ ] Ability to render a token issued by login:ci invalid without the user needing to reset the password for the account used to generated the token

Additional Context

A customer asked for this on Discord https://discord.com/channels/1030243211995791380/1230886476439359488

eseidel commented 3 weeks ago

We should move to issuing our own (secret, revokable) session tokens for CI, separate from the OAuth system. Ideally those tokens would also have minimal permissions separate from what a human account holder would.