No password confirmation for clients (and bearer?) #8117
Labels
1. to develop
Accepted and waiting to be taken care of
client: 💻 desktop
client: 🤖🍏 mobile
enhancement
feature: authentication
Comments
rullzer
added
enhancement
1. to develop
|
Makes sense, I guess. |
|
Well, as long as creating an app password is not possible without confirmation of the password, I'm fine with this. |
|
@nickvergessen good point. Same goes for the password change. Ok I'll look into that and report back |
🧐 |
|
Related to nextcloud/android#1925 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have the password confirmation on the web if you want to change certain things.
However, now that there is work on android to make (some) user info editable this becomes kind of annoying. We don't store the user password on android (we use the client login flow).
I think it would make sense to not enforce the login flow on client requests (or bearer auth for that matter).
Any opinions? @MorrisJobke @nickvergessen @schiessle @ChristophWurst ?
The text was updated successfully, but these errors were encountered: