Deauthorizing a 1Password X device doesn't remove the account from the extension

When you deauthorize a 1Password X device, the account doesn't get removed from the extension. You can still log in with the master password and get access to all the passwords, even though the extension has a connection to the internet and should've been deauthorized. The only indication that the extension has been deauthorized is when new items won't sync.


1Password Version: Not Provided
Extension Version: 1.16.2
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ceceliacecelia

    Team Member
    edited December 2019

    Hey @a2312! Thanks for writing in about this. I hadn't previously tried to deauthorize a device from 1Password X that way, but now that I have I'm able to reproduce the behavior you reported and agree that 1Password X could behave better here. The first thing that came to mind was that we could at least provide a notification letting you know the device was de-authorized or requires re-authorization. I'm rightfully not the authority on such things, though, so I've filed an issue. It's on our developers' radar now — Thank you again so much for taking the time to share your findings. :)

    ref: dev/core/core#524

This discussion has been closed.