Consider handling the case in which we get a duplicate token

ooni / orchestra

The OONI Probe Orchestration System

BSD 3-Clause "New" or "Revised" License

12 stars 5 forks source link

Consider handling the case in which we get a duplicate token #48

Open hellais opened 6 years ago

hellais commented 6 years ago

If a client sends us a duplicate token we should not be creating a new account for them or updating their token to that number, but maybe return an error.

This however makes the registry backend into an oracle that can confirm to third parties if a certain user is an OONI Probe user, which we may not want to do.

bassosimone commented 6 years ago

Xref: https://github.com/ooni/probe-ios/issues/180 https://github.com/ooni/probe-android/issues/151

lorenzoPrimi commented 6 years ago

When an app is uninstalled and reinstalled the token can sometimes be the same. This should be handeled server side