You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When using Django Authentication currently with the /convert-token route across multiple devices, it's leading to an unexpected behavior of sharing authentication tokens. If one device revokes or refreshes the token, all other devices are put out of sync and cease to function properly.
To Reproduce
Steps to reproduce the behavior:
Start the authentication process on one device.
Use the same credentials to start the authentication process on another device.
Notice that the same token is being shared across multiple devices.
Refresh or revoke the token on one device.
See that other devices are now out of sync and not working properly.
Expected behavior
When Django Authentication is used on multiple devices, each device should have its unique token, even if the existing token is still valid. Also, when a token is revoked or refreshed in one device, it should not affect the functionality in other devices.
Screenshots
Desktop (please complete the following information):
OS: All
Browser: All
Version: All
Smartphone (please complete the following information):
Device: All
OS: All
Browser: All
Version: All
Additional context
A suggested fix could be that we should probably generate new tokens each time the create_token_response function is invoked. This should potentially ensure that every device has its own unique token, preventing overlap and reducing the risk of devices going out of sync.
The text was updated successfully, but these errors were encountered:
Describe the bug
When using Django Authentication currently with the /convert-token route across multiple devices, it's leading to an unexpected behavior of sharing authentication tokens. If one device revokes or refreshes the token, all other devices are put out of sync and cease to function properly.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
When Django Authentication is used on multiple devices, each device should have its unique token, even if the existing token is still valid. Also, when a token is revoked or refreshed in one device, it should not affect the functionality in other devices.
Screenshots
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
A suggested fix could be that we should probably generate new tokens each time the create_token_response function is invoked. This should potentially ensure that every device has its own unique token, preventing overlap and reducing the risk of devices going out of sync.
The text was updated successfully, but these errors were encountered: