Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Windows 7, Chrome
Description
When I use the "persist" parameter of the oAuth feature (which is the default), every other user will automatically use my token after I have approved access.
This results in a severe security issue, e.g., my google contact list being shown to someone else.
Using "false" for the parameter value, I have to re-authenticate every try (which is okay).
The behaviour for "true" should instead be to cache the token for every individual user (i.e., widget instance).