Token enc #14
Comments
|
BTW the authorization using stored token has a wrong description in the API spec - the string to hash is not "user:token", but "token". Maybe this is a bug in the Loxone which will get fixed, but that's how it works now. |
|
Thought so, thank you.
Pawel Pieczul <[email protected]> schrieb am So. 17. Dez. 2017 um
00:24:
… BTW the authorization using stored token has a wrong description in the
API spec - the string to hash is not "user:token", but "token". Maybe this
is a bug in the Loxone which will get fixed, but that's how it works now.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#14 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHwdR6XlaLcmFHq8isTecWhjRvBYJ0n_ks5tBFE9gaJpZM4QPOpE>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
token enc encryption gets a new token every time the auth/connection is newed. This also means, since new salt each time on reconnect, that the password either needs to be stored or the user would have to enter t every time again, which collided with the sense of using a token in the first place.
Shouldn’t tokens be stored permanently and then on authorization if a token is present only the token is refreshed and only if this fails the password has to be provided again?
Regards
The text was updated successfully, but these errors were encountered: