Need a way to prevent an app from *accidentally* removing its own enrollment

[gkc]

Is your feature request related to a problem? Please describe.

Possibility that a user, managing enrollments, accidentally revokes their current enrollment. This would be super annoying and difficult, perhaps impossible to recover from.

Describe the solution you'd like

• enroll:revoke throws an exception if the enrollment being revoked is the current connection's enrollment
• add an extra parameter to allow the user (or app) to make the revoke request with some sort of "yes I know what I'm doing" flag e.g. 'force' or 'revokeself'
• this flag could be added to EnrollParams
• or we could modify the enroll verb syntax to allow enroll:revoke:revokeself:$enrollParamsJson or enroll:revoke:force:$enrollParamsJson

Describe alternatives you've considered

No response

Additional context

No response

[murali-shris]

@gkc

1. if enrollment being revoked is current connection enrollment
   1.1 enroll:revoke:{"enrollmentId":"123"} - throw Exception
   1.2 enroll:revoke:force:{"enrollmentId":"123"} - revoke the enrollment
2. if enrollment being revoked is some other client enrollment
   2.1 enroll:revoke:{"enrollmentId":"123"} - revoke the enrollment
   2.2 enroll:revoke:force:{"enrollmentId":"123"} - revoke the enrollment

Are these scenarios correct?

[gkc]

Yes they are