This repository was archived by the owner on Sep 21, 2024. It is now read-only.

[3] API should confirm that userID matches the Access Token #163

Open
bleafman opened this issue Aug 16, 2019 · 0 comments
Labels
back end Bugs/Implementation on server/DB stretch goal Features beyond MVP functionality - not to be addressed until MVP in place Tech Debt/Refactoring
Comments

Member

bleafman commented Aug 16, 2019

  • Currently, the client reads the access token's userID and requests that data from the server. Although it's an obfuscated identifier, it's not guaranteed to be secure since the userID can be manipulated.

  • Server should use the access token to verify what user information to send back.

@bleafman bleafman added back end Bugs/Implementation on server/DB stretch goal Features beyond MVP functionality - not to be addressed until MVP in place Tech Debt/Refactoring labels Aug 16, 2019
@bleafman bleafman added this to the Security/Auth milestone Aug 16, 2019