cancel
Showing results for 
Search instead for 
Did you mean: 

Oauth Token - authenticate mobile app

Oauth Token - authenticate mobile app

HI all,
I'm developing an application ionic for a magento 2 website.
Now I'm using Token-based authentication .
I get an access token at first login and save it in my app for next time.
It's working fine.

http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
But if unfortunately hacker or anyone has that token,he can do anything with customer's account.
So how can I get more security for it ?
Or do you have any better solution for it ?
Thank you so much !


1 REPLY 1

Re: Oauth Token - authenticate mobile app

Magento itself have functionality of token expiration time. Where you can set expiration time for token.(Store->Configuration->OAuth->Access Token Expiration)

 

Once token gets expired - generate token again and get the new token.

 

So every time when token gets expired generate new token by either cron or manually and store it in either default magento token box  or you can store in your custom textbox as well and get the value of token from there.

 

To make ease you can also get the new token value by cron on specific time or on when token change condition applied.

 

So even though hacker gets the token once , it will still not works after specific time.

 

According to me its best approach to provide more security for token management.

 

if issue solved, Click kudos/Accept as solutions.

if issue solved,Click Kudos & Accept as Solution