Add origin verification #10

@namsral

Currently login URLs can be passed on to others to sign in from anywhere, with either good or bad intentions. This can be easily mitigated by embedding the origin of the user requesting the login URL in the token. The origin could be an IPv4 or IPv6 address.

This shouldn't pose a problem for roaming people as the time between a login request and the actual sign-in should be within a 60s timespan.
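
One way the origin binding proposed in this issue could look, as an added example that is not the project's own code: the requester's address is stored in an HMAC-signed token and compared at sign-in, within the 60s window. The token layout, the function names and the sample secret, user and addresses are assumptions made for illustration.

```python
import base64, hashlib, hmac, ipaddress, json

TTL_SECONDS = 60  # sign-in window mentioned in the issue

def _norm_ip(addr):
    """Canonical text form; IPv4-mapped IPv6 (::ffff:a.b.c.d) collapses to IPv4."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)

def _sign(secret, body):
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def issue_token(secret, user, origin_ip, now):
    """Build a login token bound to the address that requested it (hypothetical layout)."""
    payload = {"sub": user, "ip": _norm_ip(origin_ip), "exp": int(now) + TTL_SECONDS}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + _sign(secret, body)

def verify_token(secret, token, request_ip, now):
    """Return the user, or None if the token is forged, expired or from another origin."""
    try:
        body, sig = token.encode().rsplit(b".", 1)
    except ValueError:
        return None
    # Check the signature before trusting anything inside the payload.
    if not hmac.compare_digest(_sign(secret, body).encode(), sig):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if now > payload["exp"]:
        return None
    try:
        if _norm_ip(request_ip) != payload["ip"]:
            return None
    except ValueError:  # unparsable client address
        return None
    return payload["sub"]

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample values
    t = issue_token(secret, "alice@example.com", "192.0.2.10", now=1000)
    print(verify_token(secret, t, "192.0.2.10", now=1030))    # same origin
    print(verify_token(secret, t, "198.51.100.7", now=1030))  # forwarded URL
```

Behind a reverse proxy the address seen by the application is the proxy's, so the comparison only means something when the real client address is taken from a trusted source.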
