Personal Access Token SSO Reset Without Changes

I opened an existing personal access token to view the details and take a screenshot and despite not changing anything, GitHub reset the token’s SSO state.

  1. Navigated to Settings > Developer Settings > Personal Access Tokens
  2. Clicked on an existing token that had SSO enabled to view details
  3. Navigated away from the token page
  4. Was prompted to save or discard changes even though I didn’t make any
  5. Elected not to save any changes
  6. SSO was reset on the token anyway
  7. As a result GitHub actions using the token started failing as SSO was no longer enabled

I could see resetting the token’s SSO state if I had actually made a change and saved it but I chose not to. Either way when the token SSO state gets disabled the web page should make it clear. As it stands it’s easy to miss that and then builds start failing later on that were previously working and not changed themselves.

Environment

  • Browser - Microsoft Edge Chromium Version 86.0.622.38 (Official build) (64-bit)
  • OS - Mac OS Catalina 10.15.7 (19H2)

For anything regarding your SSO and tokens, I would strongly suggest you create a ticket so this can be investigated privately.