Wakatime OAuth Refresh Token
Service Name: Wakatime
Service Description: WakaTime is a developer productivity and time tracking tool that automatically generates metrics and insights about programming activity. It integrates with various code editors and IDEs to track coding time and provides analytics on programming languages, projects, and coding habits.
Service Address: https://wakatime.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants long-term access to a user's WakaTime account data, including coding statistics, project information, and account settings. The refresh token can be used to obtain new access tokens without requiring user re- authentication.
Secret Revokement URL: https://wakatime.com/settings/account
Secret Example: r_def456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Suspicious Activity Investigation Instructions:
- Review the WakaTime dashboard for any unauthorized access or unusual activity patterns
- Check for unexpected API calls or data exports in the account activity logs
- Monitor for changes in account settings or connected applications
- Verify all authorized applications in the WakaTime account settings
- Look for unusual coding time patterns or projects that don't match your normal workflow
Mitigation Instructions:
- Log in to your WakaTime account at https://wakatime.com/login
- Navigate to Settings > Account
- Under "Connected Applications," find and remove any unauthorized
applications
- Click "Revoke" next to the compromised OAuth application
- Generate a new API key if necessary (Settings > API Key)
- Enable two-factor authentication for additional security
- Review and update your account password
- Check other services where you might have used the same password