Wookie / WOOKIE-384

persist parameter of oAuth feature not user-isolated


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.13.0
    • Feature Management
    • None
    • Windows 7, Chrome

    Description

      When I use the "persist" parameter of the oAuth feature (which is the default), every other user will automatically use my token after I have approved access.
      This results in a severe security issue, e.g., my google contact list being shown to someone else.
      Using "false" for the parameter value, I have to re-authenticate every try (which is okay).

      The behaviour for "true" should instead be to cache the token for every individual user (i.e., widget instance).
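
The difference between a shared persisted token and a per-widget-instance one, as an added example that is not part of the original report and not Wookie's own code. All class, method and id names are hypothetical, the sample values are constructed, and the code assumes Java 16 or later.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; the names below are hypothetical and are not Wookie's API.
public class PersistedTokenDemo {
    // Shape described in the report: one persisted token per OAuth client.
    static class SharedTokenStore {
        private final Map<String, String> tokens = new ConcurrentHashMap<>();
        void persist(String clientId, String instanceId, String token) {
            tokens.put(clientId, token); // instanceId is ignored, so the token is global
        }
        Optional<String> lookup(String clientId, String instanceId) {
            return Optional.ofNullable(tokens.get(clientId));
        }
    }

    // Requested shape: the cache key binds the token to one widget instance.
    static class PerInstanceTokenStore {
        private record Key(String clientId, String instanceId) {}
        private final Map<Key, String> tokens = new ConcurrentHashMap<>();
        void persist(String clientId, String instanceId, String token) {
            if (instanceId == null || instanceId.isBlank()) throw new IllegalArgumentException("no widget instance");
            tokens.put(new Key(clientId, instanceId), token);
        }
        Optional<String> lookup(String clientId, String instanceId) {
            // A missing or foreign instance id matches no key, so nothing is returned.
            return Optional.ofNullable(tokens.get(new Key(clientId, instanceId)));
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String client = "contacts-widget", alice = "instance-alice", bob = "instance-bob";
        SharedTokenStore shared = new SharedTokenStore();
        shared.persist(client, alice, "token-for-alice");
        System.out.println("shared store, bob sees:         " + shared.lookup(client, bob));
        PerInstanceTokenStore isolated = new PerInstanceTokenStore();
        isolated.persist(client, alice, "token-for-alice");
        System.out.println("per-instance store, bob sees:   " + isolated.lookup(client, bob));
        System.out.println("per-instance store, alice sees: " + isolated.lookup(client, alice));
    }
}
```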

          People

            Unassigned
            javafrog Matthias Niederhausen

              Time Tracking

                Original Estimate: 3h
                Remaining Estimate: 3h
                Time Spent: Not Specified