nichtich
commented
11 years ago Use change_password. I am not sure yet how to include this in the specification because I want to keep PAIA core and PAIA auth more separated and because of security.
Closed shiphrah closed 11 years ago
nichtich
commented
11 years ago Use change_password. I am not sure yet how to include this in the specification because I want to keep PAIA core and PAIA auth more separated and because of security.
shiphrah
commented
11 years ago If an access-token is required for change, the parameter old_password seemst to be redundandt to me.
shiphrah
commented
11 years ago sorry, accicdently closed :-(
nichtich
commented
11 years ago I introduced the scope change_password but it should only be used in PAIA auth. The old_password is redundant in fact, but it adds another little piece of security: one cannot steal an account just with the access_token.
We need a dedicated scope for "change" in paia-auth