Closed gengkev closed 9 years ago
expiration of 1 year, perhaps? but that's pretty dumb, because then it's just like a password, except for it's not revokable, not even by changing the password. :\
the problem is that there's no method for refreshing a token. the suggested timeout of 120 seconds indicates that it's probably meant for very short-term use.
edit: wait, maybe changing the password will revoke it, i don't know
Auth schemes will probably change when Ion is implemented, anyway, so closing for now
This would have been really interesting for verifying that someone's FCPS student ID actually belonged to them, which was definitely not something I was considering for part of a project.
See https://github.com/tjcsl/iodine/blob/master/modules/auth/sso.mod.php5