Use something more secure than bearer tokens for auth #259

Open
@richvdh

Moving access_tokens to the HTTP headers mitigated it, but it's still quite easy to leak an access_token, in which case, you lose. Perhaps we should consider using something like OAuth 1 signatures, like Twitter: https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature
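
Added example (not part of the issue or of the project's code): an OAuth 1 style HMAC-SHA1 request signature with server-side verification, showing that a captured signature, unlike a leaked bearer token, is only valid for the one request it was computed over. The secrets, URL and `Verifier` class are assumptions made for illustration, and the full set of `oauth_*` parameters is reduced to nonce and timestamp.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def pct(s):
    # RFC 3986 percent-encoding as OAuth 1 requires: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def sign(method, url, params, client_secret, token_secret):
    """HMAC-SHA1 over the method, the URL and the sorted, encoded parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_str = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(param_str)])
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

class Verifier:
    """Server side (hypothetical helper): recompute the signature, reject stale or replayed requests."""
    def __init__(self, client_secret, token_secret, max_skew=300):
        self.client_secret, self.token_secret = client_secret, token_secret
        self.max_skew = max_skew
        self.seen = set()  # in-memory nonce cache; a real server needs shared, expiring storage

    def verify(self, method, url, params, signature, now=None):
        now = time.time() if now is None else now
        try:
            ts = int(params["oauth_timestamp"])
            nonce = params["oauth_nonce"]
        except (KeyError, ValueError):
            return False
        if abs(now - ts) > self.max_skew:
            return False  # too old (or too far in the future) to accept
        expected = sign(method, url, params, self.client_secret, self.token_secret)
        if not hmac.compare_digest(expected, signature):
            return False  # method, URL or a parameter differs from what was signed
        if (nonce, ts) in self.seen:
            return False  # same request presented a second time
        self.seen.add((nonce, ts))
        return True

# Constructed sample values, not real credentials or endpoints
CLIENT_SECRET, TOKEN_SECRET = "example-client-secret", "example-token-secret"
URL = "https://server.example/api/sync"
PARAMS = {"oauth_nonce": "n-0001", "oauth_timestamp": "1700000000", "since": "s1"}
SIG = sign("GET", URL, PARAMS, CLIENT_SECRET, TOKEN_SECRET)
```

OAuth 1 signs only the method, URL and query or form parameters, so a JSON request body is not covered unless a hash of it is added as a signed parameter.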

Labels: A-Client-Server (Issues affecting the CS API); feature (Suggestion for a significant extension which needs considerable consideration)
