As a developer I want to be able to manage my OAuth Applications
Opened this issue · 0 comments
UncleClapton commented
Acceptance Criteria
- A tab exists on a developer's profile page named "developer"
- A method of creating new OAuth clients exists
- A list of all OAuth clients belonging to the user exists with the following criteria:
- The listing contains the client's ID, name, and redirect URI.
- The listing contains a delete button, which will also confirm the user's choice to delete when first pressed.
- The listing contains a "revoke tokens" button which presents the user with a modal which completes the revocation process.
- The modal must contain an input for the client secret to be used in the authentication process for the API endpoint.
Background
This feature has been partially implemented with a half-baked UI. We should revisit it someday soon.
Additional Information
Deleting Clients
The API requires the following request to delete a client:
(This may change to include the client secret soon)
DELETE /clients/:id
Authentication: Bearer <token>
Revoking tokens
The API requires the following request to revoke all tokens:
POST /oauth/revokeAll
Authentication: <ClientId>:<ClientSecret>