by merb 1914 days ago
You basically told somebody to roll his own crypto. That is a stupid idea. Using refresh tokens and access tokens in a standard way is way more secure than rolling your own; this stuff is already pretty hard. Of course one could go with a simple cookie login, but when it comes to external apps, that's not always a good idea, especially not if you need to revoke specific applications.

So your general rule of thumb is pretty stupid.

1 comments

In what way is getting 32 bytes from /dev/urandom rolling your own crypto?