Issue #12230 wontfix

Add API End point to allow user logout

Juned Miah
created an issue

I am creating an extension for bitbucket pull requests and I am having trouble developing a logout functionality for the user.

It would be extremely helpful to have an API endpoint to allow users to logout or revoke access to the extension.

The logout would simply invalidate the access token and require the user to log back in again.

Comments (1)

  1. Kaleb Elwert

    We have had a number of discussions about this and we have no plans to support an API for addons to revoke their own access.

    For oauth tokens, if you simply delete the shared secret, it will no longer be possible to make requests and this should be good enough for almost all cases. If a user is worried about an application still making requests, they can remove the token themselves.

    User auth is something that is very important and we've currently decided that if something is being revoked it should be done by the user and not through an API.

  2. Log in to comment