Authorized Application
When trying to "Destroy" (should use the word revoke) an application's API access, it leads to a 404 and doesn't remove the applications access to the API.
I am talking about here on gitlab.com (maybe this should be a different repository)?
Activity
The following page is what leads to a 404.
https://gitlab.com/profile/applications
Clicking "Destroy" for a application results in a 404 and API access is not revoked.
@williamcheung Security issues are usually handled quickly if they are notified via security@gitlab.com. See: https://about.gitlab.com/disclosure/
Hey Stan, yep, that's right. When I go to https://gitlab.com/profile/applications and click Destroy on an app under "Authorized applications", I get a 404. I added several apps for testing and now I can't revoke them and since they have api scope the devs can do whatever they want with my account I guess. So emailing security@gitlab.com is the way to report the issue?
@williamcheung for the time being if you absolutely need to revoke an application's ability to access your account, https://gitlab.com/oauth/authorized_applications works perfectly fine. I'm currently trying to figure out a fix right now.
mentioned in merge request !3689 (closed)
mentioned in merge request !3690 (merged)
Milestone changed to 8.6
@connorshea Awesome, the workaround works. Just it redirects to /profile/applications after the Revoke which is inconvenient for revoking multiple apps which I just did.
Status changed to closed by commit 0c082d5e
mentioned in commit 0c082d5e
mentioned in commit c7e384aa
mentioned in commit dd9ced0a
mentioned in commit 248c0624
Mentioned in commit pfjason/gitlab-ce@dd9ced0a
