Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can we skip the "access token" flow and have the user login with just the password? #3

Open
fullmetal92 opened this issue Aug 19, 2021 · 1 comment
Open

Can we skip the "access token" flow and have the user login with just the password? #3

fullmetal92 opened this issue Aug 19, 2021 · 1 comment

Comments

@fullmetal92
Copy link

No description provided.

@charzlwebz256
Copy link

In most cases, it is not recommended to skip the access token flow and allow users to log in with just a password. The access token flow provides an additional layer of security by requiring users to provide a unique token that verifies their identity.

If you were to skip the access token flow, any user who knows the correct email and password could gain access to the account without any further authentication. This can create a security risk for both the user and the application.

However, there may be some situations where you can skip the access token flow. For example, if you are building an internal tool for your company and only your employees will have access to it, you might be able to skip the access token flow since the risk is lower.

Ultimately, whether or not you should skip the access token flow depends on the specifics of your application and the level of security you need to maintain

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fullmetal92 @charzlwebz256