Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store token rather than credentials #351

Closed
SchrodingersGat opened this issue May 13, 2023 · 1 comment · Fixed by #434
Closed

Store token rather than credentials #351

SchrodingersGat opened this issue May 13, 2023 · 1 comment · Fixed by #434
Labels
security

Comments

@SchrodingersGat
Copy link
Member

Currently the user credentials are stored (securely), rather than the token.

This means that revoking the token (from the server) does not prevent the app from logging back in.

Instead, we should request and store the token, and if the auth fails, the user has to re-enter their username/password.
@SchrodingersGat SchrodingersGat mentioned this issue May 30, 2023
Closed
6 tasks
@SchrodingersGat
Copy link
Member Author

Token should also be scoped to the app - don't allow use of generic or other tokens

@SchrodingersGat SchrodingersGat mentioned this issue Sep 14, 2023
Open
@SchrodingersGat SchrodingersGat mentioned this issue Oct 4, 2023
Merged
8 tasks
@SchrodingersGat SchrodingersGat mentioned this issue Oct 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Token auth inventree/inventree-app
1 participant
@SchrodingersGat