Add information about ongoing oauth maintenance

author: Drew DeVault <sir@cmpwn.com> 2018-11-27 23:42:45 -0500
committer: Drew DeVault <sir@cmpwn.com> 2018-11-27 23:42:45 -0500
commit: 90cd6cdc0f138b5dc338db07b84cd09d361226b8 (patch)
tree: 7e827591109fd595d78c0d572dcbadbb5969ac54 /meta.sr.ht
parent: 6357c0d4b1455584f6a9eeb918252bf3b4bfacbd (diff)
download: sr.ht-docs-90cd6cdc0f138b5dc338db07b84cd09d361226b8.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/meta.sr.ht/oauth-api.md b/meta.sr.ht/oauth-api.md
index a7dc25e..966dc21 100644
--- a/meta.sr.ht/oauth-api.md
+++ b/meta.sr.ht/oauth-api.md
@@ -171,3 +171,25 @@ example:
     curl \
         -H Authorization:'token your-access-token' \
         https://meta.sr.ht/api/user/profile
+
+# OAuth Maintenance
+
+meta.sr.ht offers several resources for ongoing maintenance of an OAuth client
+and its access tokens.
+
+## Refreshing access tokens
+
+TODO
+
+## Rotating your client secret
+
+On the security tab of your OAuth client's dashboard (which can be accessed from
+the [OAuth summary on your account](https://meta.sr.ht/oauth)), you can rotate
+your client secret, in the event that it is compromised.
+
+## Revoking access tokens
+
+On the security tab of your OAuth client's dashboard (which can be accessed from
+the [OAuth summary on your account](https://meta.sr.ht/oauth)), you can revoke
+all issued access tokens at once, in the event some or all of them are
+compromised. Users will have to repeat the authorization flow.
author	Drew DeVault <sir@cmpwn.com>	2018-11-27 23:42:45 -0500
committer	Drew DeVault <sir@cmpwn.com>	2018-11-27 23:42:45 -0500
commit	90cd6cdc0f138b5dc338db07b84cd09d361226b8 (patch)
tree	7e827591109fd595d78c0d572dcbadbb5969ac54 /meta.sr.ht
parent	6357c0d4b1455584f6a9eeb918252bf3b4bfacbd (diff)
download	sr.ht-docs-90cd6cdc0f138b5dc338db07b84cd09d361226b8.tar.gz