Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer

    • For Any Stage

      • Build
      • Improve
      • Grow

    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • Feature Requests /
avatar image

Bryan Wagstaff suggested an idea · Aug 03, 2021 at 02:00 AM · apisAuthentication

API Logout call for security

There are several existing feature requests and forum posts, but it still needs correction.

It is not enough to have security authentication tokens expire after 24 hours. The current recommendation seems to be to drop them and hope they aren't accidentally reused, or worse, maliciously replayed or stolen. The fact that we cannot expressly invalidate them remains an enormous security flaw.

There needs to be a logout function to explicitly declare "this session is over" and invalidate the token.

thub.nodes.view.add-new-comment
Bryan Wagstaff
Claire Rochelmeyer

People who like this

2 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

No comments

· Add your reply

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps

    • Your Opinion Counts

    We would love to know what you need. Submit your ideas and upvote others to help us prioritize.

    Sign in to post a new idea

    Follow

    Follow This Idea

    No one has followed this yet.

    Related Ideas

    Get PlayFab IDs from Nintendo Service Accounts

    New Client call/params to get new FB token

    email login link

    Provide secure GameCenter login

    REST API feature to be provided

    PlayFab Manger Vs Admin API set

    Adding admin API Get User Account Info with Custom ID

    GetCouponCode - Pulls the next coupon code

    Please add the catalog version parameter to ValidateIOSReceiptRequest and ValidateGooglePlayPurchaseRequest

    Remove old Cloud Script revisions using Admin API

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer

    • For Any Stage

      • Build
      • Improve
      • Grow

    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges