Closed adamperez closed 7 years ago
I'm not sure I understand. Tokens are given with a 10 minute expiration. One related limitation that has been pointed out before (and I agree with) is that with the current structure you can use a token that is nearing its expiration to request another token, thus giving you the ability to have an unlimited supply of tokens. This is acceptable for many low-security applications, but definitely not recommended in general.
In later tutorials I have made changes that require the credentials that are sent to request a token to be username and password, so passing a token would not allow you to request a new token.
Ideally, I was hoping to make only one request for a token, then have a frontend application, or any call to my Flask app, need to use just that one token without refreshing.
However, I think this can be achieved by sending user and pass in the header every time.
Yes. You can also change the code to generate a token that does not expire; that is available as an option in itsdangerous.
Awesome, thank you so much for your input!
With this setup, is it possible to set an auth token to never time out? I've tried passing a negative value to see if that would work but it seems unsupported.
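The renewal loophole and the password-only fix discussed in this thread, as an added example that is not the tutorial's code or any participant's: it uses a standard-library HMAC token as a stand-in for itsdangerous, and `token_endpoint`, `authenticate`, the secret and the user table are assumed names and constructed values.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"      # constructed; load from config in a real app
USERS = {"alice": "correct horse"}       # constructed; real apps store password hashes
TOKEN_TTL = 600                          # 10-minute lifetime, as in the thread

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def make_token(username, now=None):
    now = time.time() if now is None else now
    body = json.dumps({"u": username, "exp": now + TOKEN_TTL}).encode()
    payload = base64.urlsafe_b64encode(body)
    return (payload + b"." + _sign(payload)).decode()

def verify_token(token, now=None):
    """Return the username for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    payload, _, sig = token.encode().rpartition(b".")
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    data = json.loads(base64.urlsafe_b64decode(payload))
    return data["u"] if data["exp"] > now else None

def authenticate(user_or_token, password, now=None, allow_token=True):
    """Stand-in for an HTTP Basic auth callback: token first, then password."""
    if allow_token:
        user = verify_token(user_or_token, now)
        if user:
            return user
    stored = USERS.get(user_or_token)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        return user_or_token
    return None

def token_endpoint(user_or_token, password, now=None, password_only=True):
    """Issue a token. password_only=False reproduces the renewal loophole."""
    user = authenticate(user_or_token, password, now, allow_token=not password_only)
    return make_token(user, now) if user else None
```

With `password_only=True`, a stolen token stops working when it expires; ordinary API routes can still call `authenticate` with tokens allowed.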