Revoke and Remove Tokens on Disconnect #1064

Open
n7studios wants to merge 7 commits into main from revoke-access-token

@n7studios n7studios commented Apr 7, 2026

Summary

When the user clicks the Disconnect button at Settings > Kit:

  • Revokes the access and refresh tokens by calling the oauth/revoke endpoint
  • Removes the v3 API Key, v3 API Secret, v4 Access Token, v4 Refresh Token and v4 Token Expires settings from the database

Testing

  • testCredentialsAndResourcesAreDeletedOnDisconnect: end to end test confirming that the API Key, Secret, Access Token and Refresh Token are deleted from the Plugin.
  • testCredentialsDeletedAndInvalidWhenRevoked: integration test confirming that the credentials are deleted from the Plugin and no longer work i.e. are revoked, when the API's revoke_tokens method is called.

Checklist

@n7studios n7studios self-assigned this Apr 7, 2026
github-actions bot commented Apr 7, 2026

WordPress Playground

🚀 Your PR has been built and is ready for testing in WordPress Playground!

Click here to test your changes in WordPress Playground

@n7studios n7studios requested review from a team, ciccio-kit and noelherrick and removed request for a team April 7, 2026 06:17
@n7studios n7studios marked this pull request as ready for review April 7, 2026 06:17

// Delete Access and Refresh Tokens.
$settings = new ConvertKit_Settings();
$settings->delete_credentials();
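
Review bot: The comment above the `delete_credentials()` call still reads "Delete Access and Refresh Tokens", but per the PR summary the method also removes the v3 API Key and Secret, so the comment should say that all stored credentials are removed. Separately, the lines shown here do not indicate whether the result of the oauth/revoke request is checked before this deletion runs; if the revoke request fails and the local copies are deleted anyway, the tokens stay valid on the server with no stored copy left to retry with, so consider logging or surfacing a failed revocation at this point.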
Contributor

Would this delete all the keys such as CONVERTKIT_API_KEY? Are we storing those in the WordPress plugin?

Contributor Author

I've updated delete_credentials to also remove the API Key and Secret.

@n7studios n7studios changed the title Revoke Access Token on Disconnect Revoke and Remove Tokens on Disconnect Apr 8, 2026
@n7studios n7studios requested a review from noelherrick April 8, 2026 02:46
github-actions bot commented Apr 8, 2026

WordPress Playground

🚀 Your PR has been built and is ready for testing in WordPress Playground!

Click here to test your changes in WordPress Playground

2 participants