react when user unauthorizes via OAuth provider

[mat-0]

Was: option to delete account, change image and remove accounts when auth denied

1. added both twitter and github accounts, image persists with github image want twitter image.
2. removed github permissions from github, image and account persists on gittip.
3. no option to delete accounts.
4. no option to delete gittip account either.

thanks

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[chadwhitacre]

Thanks @kutf! I've added +1s for you to:

• connect a gravatar account (connect a gravatar account #648)
• implement account disconnect (implement account disconnect #639)
• add ability to deactivate account (add ability to deactivate account #54)

Let's keep this ticket for point 2 above.

[chadwhitacre]

+1 from @tarsius in private email.

[Changaco]

We can't because we're not notified of revocations.

[chadwhitacre]

We can't because we're not notified of revocations.

You've confirmed this with Twitter and GitHub?

[Changaco]

You've confirmed this with Twitter and GitHub?

I've looked at the docs, I haven't found any way to get notified of revocations. I don't know any OAuth provider who has webhooks for that.

[chadwhitacre]

Okay. Seems like a wart.

[chadwhitacre]

Somehow Freshdesk is reacting to Facebook revocations:

Reopening.

[rohitpaulk]

From https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2

You can enable a deauthorize callback via the App Dashboard. Just go to your app, then choose the Settings menu, and finally the Advanced tab. A text field is provided for the Deauthorize Callback URL.

Whenever a user of your app de-authorizes it, this URL will be sent an HTTP POST containing a signed request. Read our guide to parsing the signed request to see how to decode this to find out the user ID that triggered the callback.

[chadwhitacre]

+1 https://hackerone.com/reports/129209

[sushil1208]

How can an attacker attack through the report 129209??

[chadwhitacre]

@sushil1208 Sorry, I don't understand. :-( Can you rephrase the question?

[chadwhitacre]

Closing in light of our decision to shut down Gratipay.

Thank you all for a great run, and I'm sorry it didn't work out! 😞 💃