New Suggested 1/27/2023 by Stefano Bagnatica

1

votes

More secure AutoLogin feature using server generated token

Hi, to have a more secure AutoLogin feature, it would be possible to implement this behaviour:

- the external software executes an authenticated API call (server to server) that generates a unique token, given the user to log on and the shared secret
- the API call creates and returns a unique token that references or contains the user data
- the external software redirects the user to an AutoLogin link, passing only the unique token
- after the AutoLogin link is processed, the unique token is removed
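
The flow suggested above, sketched as an added example that is not part of the original post or of the product's code. The class and method names, the in-memory store, the demo secret and the 60-second expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SHARED_SECRET = b"constructed-demo-secret"  # constructed placeholder, not a real secret
TOKEN_TTL_SECONDS = 60  # assumption: an unused token should expire quickly


class AutoLoginTokens:
    """Hypothetical server-side store for single-use AutoLogin tokens."""

    def __init__(self, shared_secret, ttl=TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._secret = shared_secret
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked store does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, presented_secret, username):
        """Server-to-server call: authenticate the caller, return a unique token."""
        # Constant-time comparison of the shared secret.
        if not hmac.compare_digest(presented_secret, self._secret):
            raise PermissionError("caller not authenticated")
        token = secrets.token_urlsafe(32)  # opaque reference; carries no user data
        self._pending[self._digest(token)] = (username, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """AutoLogin link handler: return the user once, then the token is gone."""
        # pop() removes the entry on the first attempt, so a replayed link fails.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() > expires_at:
            return None
        return username


if __name__ == "__main__":
    svc = AutoLoginTokens(SHARED_SECRET)
    t = svc.issue(SHARED_SECRET, "alice")  # "alice" is a constructed sample user
    print(svc.redeem(t), svc.redeem(t))    # second redeem of the same token fails
```

The shared secret never appears in the redirect URL; the browser only ever sees the opaque token, which stops working after its first use or after the expiry.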



