Skip to content

Wakatime OAuth Refresh Token

Service Name: Wakatime

Service Description: WakaTime is a developer productivity and time tracking tool that automatically generates metrics and insights about programming activity. It integrates with various code editors and IDEs to track coding time and provides analytics on programming languages, projects, and coding habits.

Service Address: https://wakatime.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants long-term access to a user's WakaTime account data, including coding statistics, project information, and account settings. The refresh token can be used to obtain new access tokens without requiring user re- authentication.

Secret Revokement URL: https://wakatime.com/settings/account

Secret Example: r_def456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

Suspicious Activity Investigation Instructions:

  • Review the WakaTime dashboard for any unauthorized access or unusual activity patterns
  • Check for unexpected API calls or data exports in the account activity logs
  • Monitor for changes in account settings or connected applications
  • Verify all authorized applications in the WakaTime account settings
  • Look for unusual coding time patterns or projects that don't match your normal workflow

Mitigation Instructions:

  • Log in to your WakaTime account at https://wakatime.com/login
  • Navigate to Settings > Account
  • Under "Connected Applications," find and remove any unauthorized

applications

  • Click "Revoke" next to the compromised OAuth application
  • Generate a new API key if necessary (Settings > API Key)
  • Enable two-factor authentication for additional security
  • Review and update your account password
  • Check other services where you might have used the same password