What steps will reproduce the problem?
1.Generate access token
2.After the access token is generated we could use that for accessing resource
any number of times and from any clients. Which is a big security issue.
What is the expected output? What do you see instead?
Access token should be valid for a certain duration and should be available for
only requesting client. Suppose if I generate access token and avail the
service in IE then same should not work for other browser.
What version of the product are you using? On what operating system?
Downloaded the latest version. Using in Linux operating system.
Please provide any additional information below.
Original issue reported on code.google.com by surath.m...@gmail.com on 9 Aug 2012 at 7:31
Original issue reported on code.google.com by
surath.m...@gmail.comon 9 Aug 2012 at 7:31