695259 - Remove oauth tokens etc when "active logins" are cleared

Status: RESOLVED FIXED

(Mozilla Labs :: F1, defect)

Description

[Mark Hammond [:markh] [:mhammond]]

If the user presses Ctrl+Shift+Delete and removes "Active Logins", all OAuth tokens should be removed and the apps should revert to a "not yet authorized" state.

Note that this will not cover the password manager having logins removed for 2 reasons:

* If you use the password manager, there will be no passwords remembered which relate to this auth.  IOW, if you manually removed each entry one-by-one, you would not have any effect on app auth - "remove all" should really act as if you did them all one at a time.

* Removing all logins does not reset the auth status for existing pages.  Eg, log in to twitter and remove all passwords, then refresh the twitter page - you are still logged in.  It is just when you manually log out of twitter or nuke the cookies, your password isn't remembered.

Comment 1

[Mark Hammond [:markh] [:mhammond]]

Attachment: Pointer to Github pull request: https://github.com/mozilla/openwebapps/pull/121

Pointer to Github pull-request

Comment 2

[Mark Hammond [:markh] [:mhammond]]

Attachment: Pointer to Github pull request: https://github.com/mozilla/fx-share-addon/pull/31

Pointer to Github pull-request

Comment 3

[Mark Hammond [:markh] [:mhammond]]

Comment on attachment 567677 [details]
Pointer to Github pull request: https://github.com/mozilla/fx-share-addon/pull/31

Against the fx-q3 branch as this *is* a hack that will not work with "real" apps.

Comment 4

[Shane Caraveo (:mixedpuppy)]

merged openwebapps patch https://github.com/mozilla/openwebapps/commit/5593b14394b06173173ed83db2a15e8a40671354

merged share patch https://github.com/mozilla/fx-share-addon/commit/e24096eab49cf797bc5584213901f5a161a00429

bug 695366 exists to figure out a permanent solution.