[wip] Revoke access token #5613
Conversation
There was a problem hiding this comment.
I don't think we will need to implement this for Cody Web since Cody Web doesn't need manual sign in with token (Vova please correct me if I'm wrong 😀 ). However I don't think the current implementation would work as intended because all the tokens that were imported manually before this change will now be treated as "AUTO" source and therefore be removed. This also will not treat the token input through the UI as "MANUAL".
It might make more sense to perform the deletion for all tokens regardless of their source in this case, Wdyt?
| @@ -177,7 +178,7 @@ async function showAccessTokenInputBox(endpoint: string): Promise<string | undef | |||
| }) | |||
|
|
|||
| if (typeof result === 'string') { | |||
| return result.trim() | |||
| return 'MANUAL_' + result.trim() | |||
There was a problem hiding this comment.
Would this mean token that were input manually before this change would be treated as "automatically" imported and will be removed on sign out?
We will remove the quick pick for sign in and move into a unified webview for auth. When we do, this solution will probably not going to work?
|
not sure if possible, but maybe you can try to match the note of the token to see if it is generated by IDE redirections to identify the ones that are auto generated: |
Draft to look at Linear issue
Problem Statement
When users sign in and out of Cody (VS Code extension) multiple times with the same account (more than 20 times), the system does not revoke old tokens, leading to an accumulation of active tokens. Eventually, this triggers the error shown in the login flow as users exceed the limit of active access tokens.
Solution
See video Proof
Test plan
Tested locally on both a local sourcegraph instance and with dotcom instance using Vscode cody.
Changelog