OAuth
Fluttercry, 2017-10-09 12:16:06

OAuth: how to properly implement refresh and access tokens for a user with multiple devices?

Hello!
I needed to authorize my users via OAuth. The idea was simple: to do the same as described on Habr (https://habrahabr.ru/company/Voximplant/blog/323160/).
The villain stole tokens from the user and did not use the refresh - the user updated the token, and the villain was thrown out.
The villain stole tokens from the user and used a refresh - the user logged in, and the villain was thrown out again.
But here a problem arises: what to do if the user is using several devices? When he logs in from a second computer, it is impossible to tell whether his last session was taken away from him and he is logging in again having lost his access token, or whether he wants to keep both sessions.
Of course, when logging in, you can also request a refresh for which it was not possible to update, but maybe there is an accepted method that is not a crutch?
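
An added example, not part of the original post and not taken from the linked article: one way to keep the rotation behaviour described above while allowing several devices is to give every login its own refresh-token chain, so that replay of an already-rotated token revokes only that device's session. `TokenStore`, its method names and the in-memory dictionaries are hypothetical, chosen for illustration.

```python
import secrets

class TokenStore:
    """In-memory refresh-token store with one rotating chain per device session."""

    def __init__(self):
        self.sessions = {}   # session_id -> {"user", "device", "current"}
        self.issued = {}     # every refresh token ever issued -> session_id

    def _issue(self, sid):
        token = secrets.token_urlsafe(32)
        self.sessions[sid]["current"] = token
        self.issued[token] = sid
        return token

    def login(self, user, device):
        """Credential login: starts a new chain, leaves other devices untouched."""
        sid = secrets.token_urlsafe(8)
        self.sessions[sid] = {"user": user, "device": device, "current": None}
        return sid, self._issue(sid)

    def refresh(self, token):
        """Rotate a refresh token; replay of an old one revokes only its chain."""
        sid = self.issued.get(token)
        session = self.sessions.get(sid)
        if session is None:
            raise PermissionError("unknown or revoked refresh token")
        if token != session["current"]:
            # Already rotated: someone holds a stale copy, so end this session.
            del self.sessions[sid]
            raise PermissionError("refresh token reuse: session revoked")
        return self._issue(sid)

    def active_devices(self, user):
        return sorted(s["device"] for s in self.sessions.values() if s["user"] == user)


def demo():
    store = TokenStore()
    _, laptop_rt = store.login("alice", "laptop")
    _, phone_rt = store.login("alice", "phone")
    stolen = laptop_rt                # constructed scenario: laptop token was copied
    store.refresh(stolen)             # the copy is refreshed first
    try:
        store.refresh(laptop_rt)      # owner presents the now-stale token
    except PermissionError:
        pass                          # laptop chain is revoked for both holders
    store.refresh(phone_rt)           # phone session keeps working
    return store.active_devices("alice")
```

After the reuse is detected the laptop has to log in again, which starts a fresh chain, while the phone is never asked to re-authenticate.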
