On 8/27/2019 7:17 AM, Stian Thorgersen wrote:
With regards to security, there are two issues. First, if someone gets a hold of a bearer token they should not be able to hijack someone's account. If we allow an access token to change credentials it is very easy to completely hijack an account. Secondly, as we're talking about an SSO solution it's important that an app has only access to what it needs to have access to. That means no applications should have direct access to users' credentials, which they would need to have to be able to update them through a REST API.

This is the point that we will need to emphasize to users when they first see the new account console.

Vaclav is right to point out the awkwardness as it stands right now. I think that we can smooth things out, but until we do, users need to understand what Stian said above. Then they will at least know it is for the sake of better security.