Open Subroutine7901 opened 7 months ago
makes sense, would need to be communicated to frontend though or just force relogin which is kinda stupid though
I think he mentioned relogging in being how they did it, maybe make them expire every few days? We need to do research.
we could do a discord and just have it reset on password or username change, but also we should probably move to a better hashing algorithm with more output bytes
Yeah, wait discord does that?
your discord token only changes when you change your password i believe
So apparently logging out invalidates it. Also tokens are per session, so uhhh https://www.reddit.com/r/discordapp/comments/vrotde/how_do_tokens_work/
ok
gonna rename this to "rework tokens" because we kinda need to
Ok uh with this
makes sense, would need to be communicated to frontend though or just force relogin which is kinda stupid though
we have the frontend delete the invalidated account in the account switcher and do the same thing as adding a new account for the account switcher, with the username maybe filled in already??? also a prompt or modal for it would be good too
yknow we could just use django to manage accounts when this happens
Pretty much I talked to a guy who's made actual big company auth systems and he said that having tokens that expire is actually a good idea