Revoke apple token usage #7
@@ -33,6 +33,9 @@ | |||
<li class="nav-item"><a class="nav-link" aria-current="page" href="/_renarde/backoffice/index"><i class="bi bi-database"></i>{m:main.backoffice}</a></li> | |||
{/if} | |||
<li class="nav-item"><a class="nav-link" aria-current="page" href="{uri:RenardeSecurityController.logout()}">{m:main.logout}</a></li> | |||
{#if inject:user.tenantId && inject:user.tenantId is 'apple'} | |||
<li class="nav-item"><a class="nav-link" aria-current="page" href="{uri:RenardeRevokeController.revokeApple()}" >{m:main.revoke}</a></li> |
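Review bot: On the added `<li>` line, token revocation is wired to a plain `<a href="{uri:RenardeRevokeController.revokeApple()}">` in the top menu, so a state-changing action runs on an ordinary GET navigation and can be triggered by any link a signed-in user follows. Make it a POST form, carrying the application's CSRF token if it uses one, behind a confirmation step. Separately, `aria-current="page"` is copied onto this link as on its neighbours; it should only mark the link for the page currently shown. The `{#if}` condition also names `inject:user.tenantId` twice: if the first operand is there as a null guard, a short comment saying so would help, otherwise `inject:user.tenantId is 'apple'` alone is enough.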
I don't think this is the right thing to show/do.
The original requirement from Apple is that it be possible to delete an account, and that deleting an account should revoke the tokens.
So I don't think this is the functionality we should expose, as it does not delete the local account (the User instance in the DB).
There should be an option to delete your account, probably with an intermediate page with an "Are you really sure?" button, and that should delete the account, and revoke the tokens, no?
That's right, we must also delete the user on our DB, not only the Apple access.
Don't you think we need a User detail page to place this new button (and not in the top menu)?
For instance, a link on the user name in the top bar that opens a page which displays user info plus a revoke/delete account button.
Also, I'll need a custom endpoint on this Todo project to handle the DB deletion of the user. I can do that.
Oh, sorry, I missed this.
Yes, you're right, it makes sense to add an account page, and put the delete button there.
Example usage for Apple token revocation.
To try it:
quarkus.http.ssl.certificate.key-store-file property)
Extra files needed: