KEMBAR78
Revoke GitHub token on sign out · Issue #152055 · microsoft/vscode · GitHub
Skip to content

Revoke GitHub token on sign out #152055

New issue
New issue
Closed
#188111
Closed
Revoke GitHub token on sign out#152055
#188111
Assignees
TylerLeonhardt
Labels
authenticationIssues with the Authentication platformfeature-requestRequest for new features or functionalityinsiders-releasedPatch has been released in VS Code Insiderson-testplan
Milestone
July 2023
@joshaber

Description

@joshaber
joshaber
opened on Jun 14, 2022

Currently signing out of your GitHub account only removes the token from the secret store but the token continues to be valid, which means that if it was leaked the attacker can continue to make use of it.

To mitigate this, VS Code should revoke the token on sign out, see this API: https://docs.github.com/en/rest/apps/oauth-applications#delete-an-app-token

Metadata

Metadata

Assignees

Labels

authenticationIssues with the Authentication platformfeature-requestRequest for new features or functionalityinsiders-releasedPatch has been released in VS Code Insiderson-testplan

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions