jerimiah-smiggins / smiggins

a social media platform that i made so that means its cool
https://trinkey.pythonanywhere.com
GNU General Public License v3.0

rework tokens #101

Open Subroutine7901 opened 7 months ago

Subroutine7901 commented 7 months ago

Pretty much, I talked to a guy who's made actual big-company auth systems, and he said that having tokens that expire is actually a good idea.

trinkey commented 7 months ago

makes sense, would need to be communicated to the frontend though, or just force relogin, which is kinda stupid though

Subroutine7901 commented 7 months ago

I think he mentioned re-logging in being how they did it; maybe make them expire every few days? We need to do research.

trinkey commented 7 months ago

we could do a Discord and just have it reset on password or username change, but also we should probably move to a better hashing algorithm with more output bytes

Subroutine7901 commented 7 months ago

Yeah, wait, Discord does that?

trinkey commented 7 months ago

your Discord token only changes when you change your password, I believe

Subroutine7901 commented 7 months ago

So apparently logging out invalidates it. Also, tokens are per session, so uhhh https://www.reddit.com/r/discordapp/comments/vrotde/how_do_tokens_work/

trinkey commented 7 months ago

ok

trinkey commented 4 months ago

gonna rename this to "rework tokens" because we kinda need to

Subroutine7901 commented 2 months ago

OK, uh, with this:

> makes sense, would need to be communicated to the frontend though, or just force relogin, which is kinda stupid though

we have the frontend delete the invalidated account in the account switcher and do the same thing as adding a new account for the account switcher, with the username maybe filled in already??? Also, a prompt or modal for it would be good too

trinkey commented 2 months ago

y'know, we could just use Django to manage accounts when this happens
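The token model the thread converges on (per-session tokens that expire after a few days, are invalidated by logout, and are all invalidated when the password changes, with only a hash of the token stored server-side) can be sketched in plain Python. This is an added example, not code from the smiggins repository: the `TokenStore` class, its method names and the three-day TTL are assumptions for illustration, and the `now` parameter exists only so expiry can be exercised deterministically.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Assumed lifetime: "expire every few days" from the thread, picked as 3 days here.
TOKEN_TTL_SECONDS = 3 * 24 * 3600


@dataclass
class Session:
    user: str
    token_hash: bytes   # SHA-256 of the token; the raw token is never persisted
    expires_at: float   # absolute time (seconds) after which the token is dead


class TokenStore:
    """Per-session bearer tokens with expiry, logout and password-change revocation.

    Hypothetical in-memory store; a real app would back `sessions` with a DB table.
    """

    def __init__(self, ttl: float = TOKEN_TTL_SECONDS) -> None:
        self.ttl = ttl
        self.sessions: dict[bytes, Session] = {}

    @staticmethod
    def _hash(token: str) -> bytes:
        # Store only a fixed-length digest: a leaked table does not yield usable tokens,
        # and the 32-byte key has more output than a short custom hash would.
        return hashlib.sha256(token.encode("utf-8")).digest()

    def login(self, user: str, now: float) -> str:
        # One fresh 256-bit random token per login, so each device/session is independent.
        token = secrets.token_urlsafe(32)
        h = self._hash(token)
        self.sessions[h] = Session(user=user, token_hash=h, expires_at=now + self.ttl)
        return token

    def authenticate(self, token: str, now: float):
        """Return the owning username, or None if the token is unknown or expired."""
        session = self.sessions.get(self._hash(token))
        if session is None:
            return None
        if now >= session.expires_at:
            # Expired tokens are purged on first use so the table does not grow forever.
            del self.sessions[session.token_hash]
            return None
        return session.user

    def logout(self, token: str) -> bool:
        """Invalidate just this session; other sessions of the same user stay valid."""
        return self.sessions.pop(self._hash(token), None) is not None

    def revoke_all(self, user: str) -> int:
        """Drop every session for `user`; returns how many were revoked."""
        doomed = [h for h, s in self.sessions.items() if s.user == user]
        for h in doomed:
            del self.sessions[h]
        return len(doomed)

    def change_password(self, user: str) -> int:
        # Password (or username) change is where the thread wants every token reset,
        # forcing the frontend to re-add the account. Password hashing itself is out of scope.
        return self.revoke_all(user)


if __name__ == "__main__":
    store = TokenStore(ttl=100)
    phone = store.login("alice", now=0)
    laptop = store.login("alice", now=0)
    print(store.authenticate(phone, now=50))     # alice
    print(store.authenticate(phone, now=100))    # None (expired)
    store.change_password("alice")
    print(store.authenticate(laptop, now=50))    # None (revoked on password change)
```

The frontend-facing consequence discussed in the thread is that `authenticate` returning `None` for a token that used to work is the signal to drop that account from the account switcher and prompt for a new login; the server does not need to push anything, it only has to stop accepting the old token.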