You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because I am paranoid™️ I sometimes check that nothing has managed to pop my account by checking the tokens table in the DB for anything unexpected. This isn't ideal since it relies on being a self-hosting admin with DB access, and probably is far less workable on sqlite than postgres.
I also have quite a bit of clutter in my token list from testing awful mad science c2s stuff.
Describe the solution you'd like.
A web interface in /settings for inspecting and expiring tokens. Pleroma's was just a list of tokens, grant date, scope, expire date, and a button to expire each token immediately.
Describe alternatives you've considered.
Direct DB access (checking the DB for tokens, deleting rows, etc) but that requires DB access and the know-how and is kind of inconvenient.
2FA will increase my comfort level here immensely but is not an entire substitute, it's more a sibling feature.
I've also considered the scorched earth approach of getting tokens I like set up, then setting Caddy to 403 /oauth/authorize, and then not worrying about token management because no one can get a token any more unless I remove the configuration 🙃 But again that's a self-hoster privilege.
Additional context.
No response
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem ?
Because I am paranoid™️ I sometimes check that nothing has managed to pop my account by checking the
tokenstable in the DB for anything unexpected. This isn't ideal since it relies on being a self-hosting admin with DB access, and probably is far less workable on sqlite than postgres.I also have quite a bit of clutter in my token list from testing awful mad science c2s stuff.
Describe the solution you'd like.
A web interface in
/settingsfor inspecting and expiring tokens. Pleroma's was just a list of tokens, grant date, scope, expire date, and a button to expire each token immediately.Describe alternatives you've considered.
Direct DB access (checking the DB for tokens, deleting rows, etc) but that requires DB access and the know-how and is kind of inconvenient.
2FA will increase my comfort level here immensely but is not an entire substitute, it's more a sibling feature.
I've also considered the scorched earth approach of getting tokens I like set up, then setting Caddy to 403
/oauth/authorize, and then not worrying about token management because no one can get a token any more unless I remove the configuration 🙃 But again that's a self-hoster privilege.Additional context.
No response
The text was updated successfully, but these errors were encountered: