Time sensitive token
arjunmenon opened this issue · comments
Hey
Can you tell me the logic to add an expiry period for the tokens, like Facebook/Google APIs have?
This would be a good security feature.
Are you looking for something different than config.token_lifetime = 30.days within knock.rb?
Hey
So if I set it to 30.minutes, how is the user flow?
Facebook generally asks the server to generate a long-lived access token, not the client, after user permission.
Google gives an authorization token after the user/password step, which is then used to get an access token.
Does knock do the same? Is the user required to log in again after expiry of the token?
@arjunmenon: no, knock does not provide these kinds of tokens. knock generates a token that's valid for a period of time (config.token_lifetime) and then it's invalid -> user has to log in again.
If you need this kind of service, then devise might be the thing you're looking for.
Closing this issue since it seems to be answered in a good way and is already open for a long time :)
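The expiry behaviour described in the thread, as an added example that is not knock's own code and not part of the original issue: a token carries a signed expiry time and is rejected once that time has passed, so the user has to log in again. It assumes the lifetime is enforced through a JWT `exp` claim signed with HS256; `SECRET`, `issue_token` and `verify_token` are hypothetical names.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed demo key; a real app would use its own application secret.
SECRET = "constructed-demo-secret"

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def sign(signing_input)
  b64(OpenSSL::HMAC.digest("SHA256", SECRET, signing_input))
end

# Hypothetical helper: issue an HS256 JWT that expires `lifetime` seconds after `now`.
def issue_token(user_id, lifetime, now: Time.now)
  header  = b64(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64(JSON.generate({ sub: user_id, exp: now.to_i + lifetime }))
  "#{header}.#{payload}.#{sign("#{header}.#{payload}")}"
end

# Hypothetical helper: return the claims, or nil when the token is malformed,
# tampered with, or past its exp (the client then has to log in again).
def verify_token(token, now: Time.now)
  parts = token.to_s.split(".")
  return nil unless parts.size == 3
  header, payload, signature = parts
  # Check the signature before trusting anything inside the token.
  return nil unless OpenSSL.secure_compare(sign("#{header}.#{payload}"), signature)
  return nil unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "HS256"
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  exp = claims["exp"]
  return nil unless exp.is_a?(Integer) && now.to_i < exp
  claims
rescue JSON::ParserError, ArgumentError, TypeError
  nil
end

if __FILE__ == $PROGRAM_NAME
  issued_at = Time.now
  token = issue_token(42, 30 * 60, now: issued_at)  # 30-minute lifetime
  p verify_token(token, now: issued_at + 60)        # inside the lifetime
  p verify_token(token, now: issued_at + 30 * 60)   # at the expiry instant
end
```

Because the expiry sits inside the signed payload, a client cannot extend its own session by editing `exp`; the signature check fails first.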