miguelgrinberg / REST-auth

Example application for my RESTful Authentication with Flask article.
http://blog.miguelgrinberg.com/post/restful-authentication-with-flask
MIT License
921 stars 337 forks

User can create and use multiple tokens. #3

Closed N07070 closed 5 years ago

N07070 commented 8 years ago

Hello.

When using the example to create a token, all is functional. But there may be a bug: when the user creates a token, he can then use this token to create another token. Then, both tokens can be used to access the protected resource.

Maybe this should not be allowed, and only the last created token can be used.

Cheers.

miguelgrinberg commented 8 years ago

I don't see having two valid tokens as a real problem, but being able to get a token using another token is something that should be improved. For a more secure implementation, tokens should only be requested using credentials, not with a previous token.
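The design suggested in the comment above, as an added example that is not part of the thread or of the REST-auth project's code: the authentication step records whether the caller presented a password or a token, and the token endpoint refuses anything but a password. It uses only the standard library; the `/api/token` and `/api/resource` paths, the user store, the `handle` dispatcher and the HMAC token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed value; load from config in practice
SALT = b"constructed-salt"         # constructed; use a random per-user salt in practice

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
USERS = {"alice": _hash("s3cret")}  # hypothetical user store

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(username, ttl=600):
    payload = json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_sign(payload)).decode()

def verify_token(token):
    """Return the username for a valid, unexpired token, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:          # wrong shape or bad base64 (e.g. a plain username)
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims["exp"] >= time.time() else None

def authenticate(username_or_token, password):
    """Return (user, method); method records which kind of credential was used."""
    user = verify_token(username_or_token)
    if user:
        return user, "token"
    stored = USERS.get(username_or_token)
    if stored and hmac.compare_digest(stored, _hash(password)):
        return username_or_token, "password"
    return None, None

def handle(path, username_or_token, password=""):
    """Hypothetical request dispatcher returning (status, body)."""
    user, method = authenticate(username_or_token, password)
    if user is None:
        return 401, None
    if path == "/api/token":    # a token must not mint another token
        return (200, issue_token(user)) if method == "password" else (403, None)
    return (200, f"Hello, {user}!") if path == "/api/resource" else (404, None)
```

With this split a leaked token stops being usable once it expires, because it cannot be exchanged for a fresh one.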

miguelgrinberg commented 5 years ago

This issue will be automatically closed due to being inactive for more than six months. Please reopen if you need more assistance.