OneDrive
Feedback by UserVoice

I suggest you ...

← OneDrive Archive

Fix OAuth Authentication Bug

Am working with an Android application using the LiveSDK (https://github.com/liveservices/LiveSDK-for-Android) for accessing One Drive.

I have initialized the LiveConnectClient instance by obtaining the user consent with wl.signin, wl.basic, wl.skydriveupdate, wl.offlineaccess scopes. Even after the revoking the app permission in web, using the same LiveConnectClient instance the app can be able to perform create, delete and update operations on all the files and folders. I think this not what OAuth authentication is meant for.

Solution :

The permission for the application should be denied at the moment the user revokes the app permissions. Now even after an hour I can be able to access the drive with the same LiveConnectClient instance.

3 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Sankar V shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

OneDrive Archive: Bugs

Categories

Feedback and Knowledge Base

(thinking…)


OneDrive Tech Community

UserVoice Terms of Service & Privacy Policy