ughimire / oauth-php

Automatically exported from code.google.com/p/oauth-php
MIT License
0 stars 0 forks source link

No restriction for access token usage #126

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.Generate access token
2.After the access token is generated we could use that for accessing resource 
any number of times and from any clients. Which is a big security issue.

What is the expected output? What do you see instead?
Access token should be valid for a certain duration and should be available for 
only requesting client. Suppose if I generate access token and avail the 
service in IE then same should not work for other browser.

What version of the product are you using? On what operating system?

Downloaded the latest version. Using in Linux operating system.

Please provide any additional information below.

Original issue reported on code.google.com by surath.m...@gmail.com on 9 Aug 2012 at 7:31