Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
Future Dev
-
None
-
Easy
Description
The manage token page allows a user to revoke webservice tokens and rss tokens:
/user/managetoken.php
But there are other token types that are broadly equivalent or worse in risk profile to rss tokens. So proposing that this page show all tokens, their ip restrictions and expiry and where you can revoke them all.
There could be some sort of callback or auto loaded class so that a core component or a plugin which uses login keys can easily augment the behavior, eg maybe it could declare that keys can be revoked but should not be visible, or declare a link to . All of the rss specific logic should be moved to use this so it's just another type of managed token with no special priority.
Attachments
Issue Links
- has a non-specific relationship to
-
MDL-73295 sesskey is exposed in url for /user/managetoken.php
-
- Closed
-
- has been marked as being related by
-
MDLSITE-6597 Sesskey in api page for plugins directory
-
- Open
-
- will help resolve
-
MDL-73089 Convert calendar export token to a user key like rss so they are fully revocable
-
- Open
-