[aerogear-dev] Auth-Token: how to ensure one token is used from only one device ?

Hi, using the Auth-Token to get access to protected resources / endpoints (after doing a login) works fine! I am wondering how to avoid that one token is used on different devices? (e.g. when somebody is 'stealing' the token). I did sign-in to the app, using the browser and got the following token => db5d16da-a1e5-48d9-a2fd-e39e36e835bc Now I was able to issue a get request against the endpoints, by using the same token, from different 'devices': - curl - iOS test case NOTE: we don't need a solution now, since I know you guys are busy with some demo work - but just want to run that 'issue' by this list Greetings, Matthias -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf