Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revisit auth token refresh & expiry #169

Open
archived-m opened this issue Sep 8, 2017 · 1 comment
Open

Revisit auth token refresh & expiry #169

archived-m opened this issue Sep 8, 2017 · 1 comment
Labels
enhancement security
Milestone
September Beta

Comments

@archived-m
Copy link
Contributor

Mobile users should not have to log in as much as they have to. Check & follow best practices for authentication
@archived-m archived-m added this to the September Beta milestone Sep 8, 2017
@archived-m
Copy link
Contributor Author

Mobile tokens should never expire or last for a very long time, so I'd set a request header in the mobile app that we verify server-side. We can then determine token expiry time based on who requested it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security
Projects
None yet
Milestone
September Beta
Development

No branches or pull requests
1 participant
@archived-m