diff options
author | Drew DeVault <sir@cmpwn.com> | 2018-11-27 23:42:45 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2018-11-27 23:42:45 -0500 |
commit | 90cd6cdc0f138b5dc338db07b84cd09d361226b8 (patch) | |
tree | 7e827591109fd595d78c0d572dcbadbb5969ac54 /meta.sr.ht/oauth-api.md | |
parent | 6357c0d4b1455584f6a9eeb918252bf3b4bfacbd (diff) | |
download | sr.ht-docs-90cd6cdc0f138b5dc338db07b84cd09d361226b8.tar.gz |
Add information about ongoing oauth maintenance
Diffstat (limited to 'meta.sr.ht/oauth-api.md')
-rw-r--r-- | meta.sr.ht/oauth-api.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/meta.sr.ht/oauth-api.md b/meta.sr.ht/oauth-api.md index a7dc25e..966dc21 100644 --- a/meta.sr.ht/oauth-api.md +++ b/meta.sr.ht/oauth-api.md @@ -171,3 +171,25 @@ example: curl \ -H Authorization:'token your-access-token' \ https://meta.sr.ht/api/user/profile + +# OAuth Maintenance + +meta.sr.ht offers several resources for ongoing maintenance of an OAuth client +and its access tokens. + +## Refreshing access tokens + +TODO + +## Rotating your client secret + +On the security tab of your OAuth client's dashboard (which can be accessed from +the [OAuth summary on your account](https://meta.sr.ht/oauth)), you can rotate +your client secret, in the event that it is compromised. + +## Revoking access tokens + +On the security tab of your OAuth client's dashboard (which can be accessed from +the [OAuth summary on your account](https://meta.sr.ht/oauth)), you can revoke +all issued access tokens at once, in the event some or all of them are +compromised. Users will have to repeat the authorization flow. |