dgrubelic / vue-authenticate

Simple Vue.js authentication library

response interceptor is setting the token to local storage. Can this not be a security risk? #54

Open paulvanbladel opened 7 years ago

paulvanbladel commented 7 years ago

Hi,

In vue-authenticate-site, I see you set, by means of a response interceptor, the received token to local storage. Just wondering if this is really necessary and potentially a security risk? Wouldn't it be enough to set the token to local storage only when the response to an authenticate request to the security service is received?

dgrubelic commented 7 years ago

Your concern is why every response can update access token instead of just requests where you do login/register/authenticate?

paulvanbladel commented 7 years ago

Yes indeed. In my understanding only the authenticate response from the token service is relevant, but I might be wrong of course.

dgrubelic commented 7 years ago

Thanks for reporting this, I'll think about potential solutions. This looks like a bad idea to me, too.

codeitlikemiley commented 6 years ago

Please fix this. Even if the endpoint is not the one we specified for login, logout, register or providers, it intercepts any data with a key of access_token; if I have other API calls going on, it catches that access_token even if it is not relevant....

It automatically logs me out of my application, since a new token which is not set by my authorization endpoint is being set, because it is being intercepted even if it is not part of the following: login, logout, register, provider.
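The behaviour the thread asks for, as an added example and not vue-authenticate's own code: a response interceptor that persists an access token only when the response comes from one of the configured auth endpoints, so an unrelated API response carrying an `access_token` field can no longer overwrite the session. The response shape (`{ config: { url }, data }`) follows axios; the endpoint list, the storage key and the in-memory storage object are assumptions made for this example.

```javascript
// Added example (not vue-authenticate's code): only responses from the auth
// endpoints below may write the token. Endpoint paths are assumed for the example.
const AUTH_ENDPOINTS = ['/auth/login', '/auth/register', '/auth/oauth'];
const TOKEN_KEY = 'auth_token'; // assumed storage key

// Normalise a request URL to its path so absolute and relative URLs compare equally.
function pathOf(url) {
  try {
    return new URL(url, 'http://placeholder.invalid').pathname;
  } catch (e) {
    return url;
  }
}

// Returns the token to persist, or null when this response must not touch storage.
function tokenFromAuthResponse(response, authEndpoints = AUTH_ENDPOINTS) {
  const path = pathOf((response.config && response.config.url) || '');
  const isAuthResponse = authEndpoints.some((p) => pathOf(p) === path);
  if (!isAuthResponse) return null; // unrelated API call: ignore any access_token it carries
  const token = response.data && response.data.access_token;
  return typeof token === 'string' && token.length > 0 ? token : null;
}

// Builds an axios-style response interceptor bound to a storage object
// (anything with setItem, e.g. window.localStorage; an in-memory object here).
function createResponseInterceptor(storage, authEndpoints = AUTH_ENDPOINTS) {
  return function onResponse(response) {
    const token = tokenFromAuthResponse(response, authEndpoints);
    if (token !== null) storage.setItem(TOKEN_KEY, token);
    return response; // always pass the response through unchanged
  };
}

// Constructed sample: one login response and one unrelated response that also
// happens to contain an access_token field.
const memoryStorage = {
  items: new Map(),
  setItem(k, v) { this.items.set(k, v); },
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; },
};
const interceptor = createResponseInterceptor(memoryStorage);
interceptor({ config: { url: 'https://api.example.test/auth/login' }, data: { access_token: 'tok-login' } });
interceptor({ config: { url: '/reports/42' }, data: { access_token: 'tok-unrelated' } });
// memoryStorage.getItem(TOKEN_KEY) is 'tok-login'; the second response was ignored
```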