Presently Gate allows API keys/access tokens to call any API (and indefinitely). So a compromised token can be used to make unauthorised calls to all APIs.
API keys/access tokens should be linked to a specific API.
There should also be an option to have time-limited access tokens which will stop working after a specific time.