New Suggested 1/27/2023 by Stefano Bagnatica
1 vote
More secure AutoLogin feature using server generated token
Hi, to have a more secure AutoLogin feature, it would be possible to implement this behaviour:
- external software executes an authenticated API call (server to server) that generates a unique token, given the user to log on and the shared secret
- the API call creates and returns a unique token that references or contains the user data
- external software redirects the user to an AutoLogin link passing only the unique token
- after the AutoLogin link is processed, the unique token is removed
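The flow suggested above, as an added example that is not part of the original post and is not the product's code: the server-to-server call issues an opaque single-use token, and the AutoLogin handler removes it on first use. The names `issue_token` and `redeem_token`, the in-memory store, the placeholder secret and the 60-second lifetime are assumptions; the expiry goes beyond what the post asks for.

```python
import hashlib
import hmac
import secrets
import time

SHARED_SECRET = b"constructed-demo-secret"  # assumption: placeholder, load from config
TOKEN_TTL = 60  # seconds; assumption, the post does not specify a lifetime

# Pending tokens, keyed by SHA-256 of the token so a leaked store
# does not reveal usable tokens: digest -> (username, expires_at)
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(username, presented_secret, now=None):
    """Server-to-server API call: authenticate the caller, return a one-time token."""
    # Constant-time comparison of the shared secret
    if not hmac.compare_digest(presented_secret, SHARED_SECRET):
        raise PermissionError("shared secret rejected")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (username, now + TOKEN_TTL)
    return token  # only this opaque value goes into the AutoLogin link


def redeem_token(token, now=None):
    """AutoLogin link handler: return the username once, otherwise None."""
    now = time.time() if now is None else now
    # pop() removes the token whether or not the login succeeds,
    # so a replayed or expired link can never be used again
    entry = _pending.pop(_digest(token), None)
    if entry is None:
        return None
    username, expires_at = entry
    return username if now <= expires_at else None


if __name__ == "__main__":
    link_token = issue_token("alice", SHARED_SECRET)
    print("first use :", redeem_token(link_token))   # the user is logged on
    print("second use:", redeem_token(link_token))   # token already removed
```
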