Once an app is authorised and the user is returned to the callback URL, they will remain signed in to the site with a cookie unless the user otherwise signs out. This is also true for in-app browsers on mobile devices.
The issue here is that if a user wants to log out of the app and we dispose of their OAuth credentials, they may still be signed into the browser. If they then attempt to log in again, they are not required to sign in to the WordPress website again. This could be a security issue if another user begins using the app.
This could be desirable; for example, when authorising an app with Facebook, there is no expectation that you will be logged out of Facebook as part of the process. However, specifically for mobile apps, we may want the option of logging a user out of the site in the in-app browser while they continue to use the app with the OAuth credentials.