alladdin / node-lox-ws-api

Node JS WebSocket Loxone™ API
MIT License

Token enc #14

Open ghost opened 6 years ago

ghost commented 6 years ago

Hello,

Token enc encryption gets a new token every time the auth/connection is renewed. This also means, since there is a new salt each time on reconnect, that the password either needs to be stored or the user would have to enter it every time again, which collides with the sense of using a token in the first place. Shouldn’t tokens be stored permanently and then, on authorization, if a token is present only the token is refreshed, and only if this fails the password has to be provided again?

Regards

ppieczul commented 6 years ago

BTW the authorization using stored token has a wrong description in the API spec - the string to hash is not "user:token", but "token". Maybe this is a bug in the Loxone which will get fixed, but that's how it works now.

ghost commented 6 years ago

Thought so, thank you.

Pawel Pieczul notifications@github.com wrote on Sun, 17 Dec 2017 at 00:24:

> BTW the authorization using stored token has a wrong description in the API spec - the string to hash is not "user:token", but "token". Maybe this is a bug in the Loxone which will get fixed, but that's how it works now.
