Invalidation of tokens #13

Open
rubendel opened this Issue Sep 4, 2013 · 0 comments

rubendel commented Sep 4, 2013

Created tokens should have a user-specific nonce which is also stored in the User object. When a user changes its password, or when the user is enabled/disabled, this nonce should be updated (incremented for example, or synced with time), thus invalidating all existing tokens for this user.
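
A sketch of the scheme proposed in this issue, added here as an illustration and not taken from the project's code. The `User` fields, the `token_nonce` name and the HMAC-SHA256 token layout are assumptions; the nonce is incremented, one of the two options the issue mentions.

```python
import base64, hashlib, hmac, json, time
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # constructed value; use a managed secret in practice

@dataclass
class User:  # hypothetical User object, not the project's class
    name: str
    password_hash: str = ""
    enabled: bool = True
    token_nonce: int = 0  # copied into every token issued for this user

    def change_password(self, new_hash):
        self.password_hash = new_hash
        self.token_nonce += 1  # invalidates all tokens issued earlier

    def set_enabled(self, enabled):
        self.enabled = enabled
        self.token_nonce += 1  # re-enabling must not revive old tokens

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(user, ttl=3600):
    claims = {"sub": user.name, "nonce": user.token_nonce, "exp": int(time.time()) + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_sign(payload)).decode()

def validate_token(token, users):
    """Return the User for a valid token, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None  # forged or tampered
    claims = json.loads(payload)
    user = users.get(claims["sub"])
    if user is None or not user.enabled or claims["exp"] < time.time():
        return None
    if claims["nonce"] != user.token_nonce:
        return None  # issued before the last password or status change
    return user
```

Because the nonce comparison needs the stored `User`, validation costs one user lookup per request; that lookup is what makes revocation immediate.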
