Enhance token rotation workflow when PAT expiry is not enforced
Problem to solve
We introduced an in-app banner as part of #214723 (closed), to notify the user when their personal access token(s) has expired or is about to expire. The user is also given an option to 'Generate a new token'.
On generating the token, the expired tokens continue to remain in an expired state and is usable.
This issue aims to enhance this behavior, by communicating the token state in a better way to the user, and providing an option to revoke/rotate them.
Few suggestions were noted in a comment here:
- Use status icons on the credentials similar to what we're proposing in #214809 (closed)
- Automatically revoke expired tokens with a separate feature (a la #214723 (comment 358376169))
- Maybe add a
Rotate
button (or similar) to the expiring/expired tokens to regenerate in a single action
Note: The enhancement is applicable only when PAT expiry is not enforced.
Intended users
User experience goal
Proposal
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Edited by Aishwarya Subramanian