Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.1
    • Fix Version/s: 1.15
    • Component/s: Provider
    • Labels:
      None
    • Similar issues:

      Description

      The stored token is used to compare it with a passed token exactly like a password so there is no reason to keep it in clear in the database.

      This will be important when we start supporting that token for something else than user profile information (which are usually readable by anyone anyway).

      The only difficulty is finding a way to knows which user this token is referring to. I guess we can probably set the user reference in the optional access token scope, need to see if that make sense. It could also be part of the token value itself (<user reference>|<random string>).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tmortagne Thomas Mortagne
                Reporter:
                tmortagne Thomas Mortagne
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: