Many applications use the api key name to validate account ownership and to prevent key misuse.
One regular challenge is that users get their key rejected due to the key being named incorrectly.
Users will then go ahead and rename the key, put it into the application again, and get their key rejected again because the api cache still reports the old name.
While applications usually mention that users should provide a new key for this reason, many users are insecure around technology and a human needs to tell them again that a new key is necessary.
Implementation
Invalidating the tokeninfo cache when a user renames their key would solve this issue.
Feature Description
Many applications use the api key name to validate account ownership and to prevent key misuse. One regular challenge is that users get their key rejected due to the key being named incorrectly. Users will then go ahead and rename the key, put it into the application again, and get their key rejected again because the api cache still reports the old name. While applications usually mention that users should provide a new key for this reason, many users are insecure around technology and a human needs to tell them again that a new key is necessary.
Implementation
Invalidating the
tokeninfocache when a user renames their key would solve this issue.Example
No response
Anything else?
No response