Announcement

Collapse
No announcement yet.

Release 7.4.1: Disable random token generation for login process

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Release 7.4.1: Disable random token generation for login process

    A new property was added to the existing login.properties file:

    # The Random-Token is a one time token with a limited lifetime, which is used to initiate sessions through 3rd party applications or
    # websites. It is a UUID, generated by the backend via default Java UUID implementation. This token is deprecated and disabled by default.
    # Setting this to false will prevent a random token from being written as part of the login response and prevent logins via a random
    # token.
    com.openexchange.ajax.login.randomToken=false

    The consequences:
    - The login response does no longer contain a random token (http://oxpedia.org/wiki/index.php?title=Login_variations#Random) by default

    - The login?action=redirect (http://oxpedia.org/wiki/index.php?title=HTTP_API#Redirect) and login?action=redeem fail with a HTTP 400 Status when you try to login with a random token.

    The alternative login methods can be seen at http://oxpedia.org/wiki/index.php?title=HTTP_API#Module_.22login.22
Working...
X