Password reset should invalidate oauth tokens
Bug #1130689 reported by
Michael Foord
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
New
|
Undecided
|
Unassigned | ||
Bug Description
Once a password has been reset, any oauth tokens authenticated with the *old password* (so all current tokens) should be invalidated and the app should have to obtain a fresh token by re-authenticating.
| tags: | added: u1-notrack |
To post a comment you must log in.
