Does "Wipe Device" also remove access to the device?

Hello,

we run Nextcloud 20 and I have a question regarding the “Wipe device” option.
Does this (as probably expected) also remove any access to the API? i.e. is it possible to still do sync using the token after clicking on “Wipe device” but without “Revoking” the token?
I guess, this is not the case but I just want to be sure (as a device of mine got stolen a few days ago and I wonder whether “Wipe device” really suffices).
I could not find this in the documentation.

Kind regards

I think the best way is to test it with a test user and a test device for your nextcloud installation. I think with remove the actual account itself also all token on the client side are deletec.

The client must remove all user data linked to the account. This includes:

    caches
    offline files
    the actual account itself

Remote wipe

1 Like

I think the best way is to test it with a test user and a test device for your nextcloud installation. I think with remove the actual account itself also all token on the client side are deletec.

Yes, I think so too. But I wonder whether it is possible to

  • read the token from the filesystem and
  • use the token to retrieve data from the server

without using / opening the client app (on a corrupted stolen device) although the token was set to “Wipe Device” prior to that.
I don’t know enough of the server / client architecture in order to test this myself. Maybe someone who developed the “Wipe” feature or someone having deep insight into the API Access System could answer this question.

If this is really a problem please open an issue . If you have not an account at Github you can post your issue here or send me a PN. Then i post the issue for you. Please repeat all and document the example.

As I think this is only a documentation issue, I opened an issue at Does Wiping also remove the API access of the device? · Issue #7199 · nextcloud/documentation · GitHub