Idea

Bryan Wagstaff avatar image
Bryan Wagstaff suggested

API Logout call for security

There are several existing feature requests and forum posts, but it still needs correction.

It is not enough to have security authentication tokens expire after 24 hours. The current recommendation seems to be to drop them and hope they aren't accidentally reused, or worse, maliciously replayed or stolen. The fact that we cannot expressly invalidate them remains an enormous security flaw.

There needs to be a logout function to explicitly declare "this session is over" and invalidate the token.

apisAuthentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

No Comments

·

Write a Comment

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.

Related Ideas

Get PlayFab IDs from Nintendo Service Accounts

New Client call/params to get new FB token

email login link

Authentication management for Azure AD B2C tenant

DeleteTitleDisplayName API call

Make items more intuitive in terms of accessing certain elements

UGC install tracking for search queries

GetFriends add playerId(title)

Epic Games and GOG Galaxy Accounts

Add ability to configure CloudScript repository