Via OAuth - should 3:rd party apps be able to retain multiple access tokens per resource owner?
-
07-11-2019 - |
题
In the API we're developing, the access tokens are unique. With that I mean that there can only be one access token per application and user.
The consequence of this is that if a user authenticates the same third party desktop application on two computers, only the second will have a valid access token and the first will have to go through the authentication process again (the first access token will have been invalidated).
From a user experience perspective this is sub-optimal. From a security perspective it provides a minor benefit.
Curious to know how others have implemented access tokens in their APIs. One per user and app, or multiple?
没有正确的解决方案
不隶属于 StackOverflow