Idea

Bryan Wagstaff avatar image
Bryan Wagstaff suggested

API Logout call for security

There are several existing feature requests and forum posts, but it still needs correction.

It is not enough to have security authentication tokens expire after 24 hours. The current recommendation seems to be to drop them and hope they aren't accidentally reused, or worse, maliciously replayed or stolen. The fact that we cannot expressly invalidate them remains an enormous security flaw.

There needs to be a logout function to explicitly declare "this session is over" and invalidate the token.

apisAuthentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

No Comments

·

Write a Comment

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.

Related Ideas

Get PlayFab IDs from Nintendo Service Accounts

New Client call/params to get new FB token

email login link

Extra API call that both purchases an item AND runs a cloudscript

Multiple Steam App IDs for one PlayFab Title

Validate purchases in the server API

Reduce Length of PlayFab Game ID to 16 characters

Add GrantedCurrencies field to RedeemCouponResult

Ability to link server custom id to an existing account

Multiple JSON formatting options (get/set) from API