Open chenkc805 opened 8 months ago
Related task in VS Code: https://github.com/sourcegraph/cody/issues/2935
Retitling this "and VSCode" because the VSCode issue was autoclosed as stale without being fixed AFAICT.
Should we be invalidating any token when you sign out, or just ones we created with the sign-in flow?
Might be painful if a user is reusing the same token elsewhere to invalidate it…
Yeah - can we do some sort of first in, last out (FILO) with tokens, where the oldest token that you authenticated with just gets discarded in favor of the new one? I can't imagine that anyone with 20+ tokens would be keeping around that 1st token…
Ok, @ara.khan is that enough to go on or do you need more design support? Can you bring #discuss-security in on this too, since we are messing with token issuance…
Installation Information
Most recent version of Cody in JetBrains
Describe the bug
Steps to repro:
Expected behavior
This is a new feature for enterprise customers, but PLG users (aka users not on their own Enterprise instance) should never encounter this bug
@eseliger suggested revoking the access token when you sign out of Cody in the IDE. Context: https://sourcegraph.slack.com/archives/C05MW2TMYAV/p1706317215280919
Additional context (logs, images, etc)
No response