Remove refresh token from user Keychain - Advice please

macmanmk
Contributor

I need to be able to remove a token from a user's login keychain and seem to be having some trouble with the script in a test environment. Here is the script I'm using...

#!/bin/sh

# Console user: owner of /dev/console (same result as `ls -l /dev/console | awk '{print $3}'`, without parsing ls output)
loggedInUser=$( stat -f "%Su" /dev/console )

# `security` takes its options first and the keychain path last. Run it as the console user
# (with that user's HOME) so it operates on their login keychain rather than root's.
sudo -H -u "$loggedInUser" security delete-generic-password -l "NetDocuments Refresh Token" "/Users/$loggedInUser/Library/Keychains/login.keychain"

When I run the script via policy, it seems to work successfully the first time. I see the token removed from the keychain. I can recreate the token by signing into e-mail again, but when I flush the policy and run the token removal script again, the token isn't removed. The policy shows that it completed successfully, but the token isn't actually removed. I'm a little hesitant to deploy a policy if I can't get consistent results. Is there something I am doing wrong?

0 REPLIES
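As an added example (not the poster's script, and not code from Jamf or NetDocuments), one way to make the removal verifiable: run `security` as the console user, delete every item carrying the label, then confirm with `find-generic-password` that nothing remains and exit non-zero otherwise, so a policy run in which the token survives is logged as a failure instead of a success. It assumes the label "NetDocuments Refresh Token" identifies the item (as in the post), that the script runs as root from a management policy, and that macOS's /usr/bin/security is present; the `LABEL` variable, the function names and the `MAX_DELETES` cap are my own.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: the item is identified by its
# label (-l), the script runs as root from a management policy, and /usr/bin/security
# exists (macOS). LABEL may be overridden from the environment; the default is the
# label quoted in the post. MAX_DELETES is a hypothetical safety cap.
LABEL="${LABEL:-NetDocuments Refresh Token}"
MAX_DELETES=10

# Print the GUI console user, or fail when nobody usable is logged in.
console_user() {
    local u
    u=$(stat -f "%Su" /dev/console 2>/dev/null) || return 1
    case "$u" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
    esac
    printf '%s\n' "$u"
}

# run_as_user USER CMD...: when running as root, run CMD in USER's context with USER's
# HOME, so `security` acts on that user's login keychain and not on root's.
run_as_user() {
    local user="$1"; shift
    if [ "$(id -u)" -eq 0 ]; then
        sudo -H -u "$user" "$@"
    else
        "$@"
    fi
}

# token_present USER LABEL: exit 0 if an item with LABEL exists in USER's keychain search list.
token_present() {
    run_as_user "$1" security find-generic-password -l "$2" >/dev/null 2>&1
}

# remove_token USER LABEL: delete every item carrying LABEL, then verify.
# Returns 0 only when no item with LABEL remains; prints how many were removed.
remove_token() {
    local user="$1" label="$2" n=0
    # delete-generic-password removes one match per call, so loop until none is found.
    while token_present "$user" "$label"; do
        run_as_user "$user" security delete-generic-password -l "$label" >/dev/null 2>&1 || break
        n=$((n + 1))
        # Stop if deletes keep reporting success without the item disappearing.
        if [ "$n" -ge "$MAX_DELETES" ]; then break; fi
    done
    if token_present "$user" "$label"; then
        echo "ERROR: '$label' still present in $user's keychain after $n delete call(s)" >&2
        return 1
    fi
    echo "Removed $n item(s) labeled '$label' from $user's keychain"
}

main() {
    local user
    user=$(console_user) || { echo "No console user logged in; nothing to do" >&2; return 2; }
    remove_token "$user" "$LABEL"
}

# Run only where the macOS security tool exists, so the functions can also be sourced for testing.
if command -v security >/dev/null 2>&1; then
    main "$@"
fi
```

The keychain path is left off on purpose: once the command runs in the user's context, `security` searches that user's default keychain list, which includes the login keychain, so the script does not depend on the on-disk file name. The post-delete `find-generic-password` check is what turns "policy completed" into a true statement: if the item is still there for any reason, the script exits 1 and the policy log shows it.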