zulip / zulip

Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
https://zulip.com
Apache License 2.0

auth: Add a proper re-authentication flow for dangerous actions. #6341

Open rishig opened 7 years ago

rishig commented 7 years ago

Currently if you want to view your API key, you need to enter your password. However, if you made an account with Google auth, you won't have a password, so you instead have to create a password for the explicit purpose of getting access to your API key.

The solution is to have the auth for API key be a reauthentication flow that allows you to auth with Google auth, LDAP, or however you normally authenticate.

You can access the current flow at the bottom of https://chat.zulip.org/#settings/your-account

This is a somewhat tricky change, suitable for someone with experience developing for Zulip.

zulipbot commented 7 years ago

Hello @zulip/server-authentication, @zulip/server-bots members, this issue was labeled with the area: authentication, area: bots labels, so you may want to check it out!

alexmv commented 2 years ago

I've updated this title to account for the fact that it should also cover actions that are irreversible without contacting support -- namely, deactivating one's own account, and deactivating the organization.
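The flow the issue asks for, as an added example that is not Zulip's code: after the user re-authenticates through whichever backend they normally use (password, Google, LDAP), the server issues a short-lived ticket bound to that user, that backend and one specific sensitive action, and the endpoints for viewing the API key or deactivating one's own account or the organization accept only a fresh, matching ticket. The function names, the HMAC ticket format, the action names and the 300-second freshness window are all assumptions made for this example.

```python
# Added example (not Zulip's code): a minimal step-up re-authentication ticket.
# The ticket is issued after a successful re-authentication through any backend
# and checked again by the sensitive endpoint, so no separate password is needed.
# All names, the ticket format and the window length are hypothetical.
import base64
import hashlib
import hmac
import json
import time

REAUTH_WINDOW_SECONDS = 300  # how long a re-authentication counts as "fresh"
SENSITIVE_ACTIONS = {"view_api_key", "deactivate_own_account", "deactivate_realm"}


def _sign(secret: bytes, body: str) -> str:
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()


def issue_reauth_ticket(secret: bytes, user_id: int, backend: str, action: str, now=None) -> str:
    """Called right after the user re-authenticates through `backend` for `action`."""
    if action not in SENSITIVE_ACTIONS:
        raise ValueError(f"not a sensitive action: {action}")
    payload = {"uid": user_id, "backend": backend, "action": action,
               "iat": time.time() if now is None else now}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return f"{body}.{_sign(secret, body)}"


def verify_reauth_ticket(secret: bytes, ticket: str, user_id: int, action: str,
                         allowed_backends: set, now=None) -> bool:
    """Gate for a sensitive endpoint: True only if the ticket is authentic, fresh,
    issued to this user for this exact action, and earned via a backend the
    account is allowed to use (e.g. a Google-only account cannot present 'password')."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.rsplit(".", 1)
    except ValueError:
        return False
    if not hmac.compare_digest(sig, _sign(secret, body)):
        return False  # tampered or signed with another key
    try:
        payload = json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError:  # binascii.Error and JSONDecodeError are ValueError subclasses
        return False
    age = now - payload.get("iat", 0)
    return (payload.get("uid") == user_id
            and payload.get("action") == action
            and payload.get("backend") in allowed_backends
            and 0 <= age <= REAUTH_WINDOW_SECONDS)
```

A production version would additionally record the ticket server-side so it is single-use, rather than relying on expiry alone.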