Allow admins to revoke a user's Personal Access Token (PAT) #1377

@chrisguindon

Description

We need to implement an administrative feature that allows authorized admin staff to revoke a user’s Personal Access Token (PAT) in cases where it has been reported or detected as publicly leaked.

When a PAT is revoked by an admin:

  • The system should immediately invalidate the token to prevent further use.
  • An automated email notification should be sent to the affected user, informing them that their PAT was revoked and advising them to generate a new one.

Use Case

This feature would help us respond quickly to security incidents, ensuring compromised tokens cannot be used maliciously while keeping users informed of the action taken.

Acceptance Criteria

  • Admins can revoke PATs for specific users via the admin panel.
  • Revoked tokens are immediately invalidated.
  • Users receive an automated email notification upon revocation.
  • All actions are logged for auditing purposes.
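
A sketch of the revocation flow the acceptance criteria above describe, added here as an example and not taken from the project's code base. The `TokenRegistry` class, its method names, the outcome strings and the in-memory stores are all assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone


def digest(token: str) -> str:
    # Store and log only a hash, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class TokenRegistry:  # hypothetical in-memory stand-in for the token table
    admins: set
    tokens: dict = field(default_factory=dict)    # digest -> record
    audit_log: list = field(default_factory=list)
    outbox: list = field(default_factory=list)    # queued notification emails

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[digest(token)] = {"user": user, "revoked_at": None}
        return token

    def validate(self, token: str):
        # Checked on every request, so a revocation takes effect immediately.
        rec = self.tokens.get(digest(token))
        return rec["user"] if rec and rec["revoked_at"] is None else None

    def admin_revoke(self, admin: str, leaked_token: str, reason: str) -> str:
        now = datetime.now(timezone.utc).isoformat()
        key = digest(leaked_token)
        rec = self.tokens.get(key)
        if admin not in self.admins:
            outcome = "denied"
        elif rec is None:
            outcome = "not_found"
        elif rec["revoked_at"] is not None:
            outcome = "already_revoked"   # idempotent: no second email
        else:
            rec["revoked_at"] = now
            outcome = "revoked"
            self.outbox.append({"to": rec["user"], "subject": "Your access token was revoked",
                                "body": f"Reason: {reason}. Please generate a new token."})
        # Every attempt is audited, including denied and repeated ones.
        self.audit_log.append({"at": now, "admin": admin, "token_sha256": key,
                               "reason": reason, "outcome": outcome})
        return outcome
```

The audit record carries the token's SHA-256 digest instead of its value, so the log itself cannot leak a still-valid token when a revocation attempt is denied.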

Metadata

Labels

  • EclipseFdn: Work requested by the Eclipse Foundation
  • enhancement: Request for new or improved functionality
  • priority:high: Requires urgent attention or blocks critical workflows
  • security: Vulnerabilities or improvements to harden security and protect user data
