Allow admins to revoke a user's Personal Access Token (PAT) #1377

@chrisguindon

Description

We need to implement an administrative feature that allows authorized admin staff to revoke a user’s Personal Access Token (PAT) in cases where it has been reported or detected as publicly leaked.

When a PAT is revoked by an admin:

  • The system should immediately invalidate the token to prevent further use.
  • An automated email notification should be sent to the affected user, informing them that their PAT was revoked and advising them to generate a new one.

Use Case

This feature would help us respond quickly to security incidents, ensuring compromised tokens cannot be used maliciously while keeping users informed of the action taken.

Acceptance Criteria

  • Admins can revoke PATs for specific users via the admin panel.
  • Revoked tokens are immediately invalidated.
  • Users receive an automated email notification upon revocation.
  • All actions are logged for auditing purposes.
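
A sketch of how the four acceptance criteria above fit together, added here as an example and not taken from the issue or the project's code. `PatStore`, `admin_revoke`, the in-memory dictionaries and the email wording are all hypothetical; a real implementation would use the project's database, mailer and admin authorization.

```python
import hashlib
import time

class PatStore:
    """In-memory stand-in for the token table (hypothetical, for illustration)."""

    def __init__(self, admins):
        self.admins = set(admins)
        self.tokens = {}      # sha256(token) -> {"user": str, "revoked_at": float | None}
        self.audit_log = []   # append-only record of every revoke attempt
        self.outbox = []      # queued email notifications

    @staticmethod
    def _digest(token):
        # Store and log only a hash so the leaked secret is not copied again.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, token):
        self.tokens[self._digest(token)] = {"user": user, "revoked_at": None}

    def is_valid(self, token):
        # Checked on every request, so a revocation takes effect immediately.
        rec = self.tokens.get(self._digest(token))
        return rec is not None and rec["revoked_at"] is None

    def _audit(self, actor, action, digest, reason):
        self.audit_log.append({"ts": time.time(), "actor": actor, "action": action,
                               "token_sha256": digest, "reason": reason})

    def admin_revoke(self, admin, leaked_token, reason):
        digest = self._digest(leaked_token)
        if admin not in self.admins:
            self._audit(admin, "revoke_denied", digest, reason)
            raise PermissionError("caller is not an authorized admin")
        rec = self.tokens.get(digest)
        if rec is None:
            self._audit(admin, "revoke_unknown_token", digest, reason)
            return False
        if rec["revoked_at"] is None:   # idempotent: notify the user only once
            rec["revoked_at"] = time.time()
            self.outbox.append({"to": rec["user"],
                                "subject": "Your Personal Access Token was revoked",
                                "body": "Reason: %s. Please generate a new token." % reason})
        self._audit(admin, "revoke", digest, reason)
        return True
```

Denied and unknown-token attempts are audited as well as successful ones, and the audit entry carries the token's hash, never the token itself.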
