@MuchoLucho
Member

For context check on MEN-6725

Changelog: None
Ticket: None

External Contributor Checklist

🚨 Please review the guidelines for contributing to this repository.

  • Make sure that all commits follow the conventional commit specification for the Mender project.

The majority of our contributions are fixes, which means your commit should have
the form below:

fix: <SHORT DESCRIPTION OF FIX>

<OPTIONAL LONGER DESCRIPTION>

Changelog: <USER-FRIENDLY-CHANGE-DESCRIPTION> or <None>
Ticket: <TICKET NUMBER> or <None>
  • Make sure that all commits are signed with git --signoff. Also note that the signoff author must match the author of the commit.

Description

Please describe your pull request.

Thank you!

Member

@nickanderson nickanderson left a comment

Actually, I think that we should call out the fact that if you are using external authentication like SAML SSO (I guess OAuth as well, or OIDC) that disabling the user at the IdP is not sufficient to disable their personal access tokens. It must be done explicitly for the user (though it will be revoked/invalidated) on specific account actions (plan level change, add-on add/removal). I wish we had an exhaustive list of what actions cause the PAT invalidation.

@MuchoLucho
Member Author

@nickanderson I agree. But I don't think it necessarily should be part of this PR. What do you think?

Member

@nickanderson nickanderson left a comment

I do think we should call it out. To me it makes sense that it's in the same PR, it looks like there is a PAT section just above that is maybe a reasonable place to add a warning.

@olehermanse Opinion?

For context check on MEN-6725

Changelog: None
Ticket: None

Signed-off-by: Luis Ramirez <luis.ramirez@northern.tech>
@MuchoLucho MuchoLucho force-pushed the saml-personal-acces-token branch from 5011d34 to b469617 Compare January 23, 2026 23:21
…t revoke PATs

Ticket: None
Changelog: None

Signed-off-by: Luis Ramirez <luis.ramirez@northern.tech>
Member

@nickanderson nickanderson left a comment

Looks good to me
