question: Forcing a refresh or deletion of the CLI access token. #830

@orangebucket

What is your question? Please describe.

If I look in credentials.json I can see my access token and its expiry date, and indeed I occasionally use that access token outside of the CLI, so I know it is the real deal.

If I run smartthings logout then credentials.json is cleared. That seems reasonable.

If I log in again the same access token and expiry date are shown in credentials.json. Is that really supposed to happen? Logging out and logging in again feels like it ought to start over with a new token.

Out of curiosity I changed the time on my laptop to after the expiry time and logged out and logged in again. The same access token was active but now the expiry time in credentials.json had been extended.

I was using the CLI just after the original expiry time of the access token and started getting a 401 error. It appears the access token expired as it should have done but the CLI was no longer aware of the expiry time and didn't refresh it.

After logging out and logging in again the access token has now changed, but that is just because the token expired.

So let's assume my CLI access token was compromised (because it potentially was). What would have been the correct immediate action to invalidate it?
