by alejo
578 days ago
Maybe this may help. What if we are not talking internal development teams but something different, like a commercial/public API? In those cases you cannot afford or expect to have meetings with folks to explain and communicate, and you also can appreciate more the abuse (unintended or not) that tokens can have. I particularly liked that OP mentioned about expiration, key rotation and more advanced features you can achieve with his proposal, like switching schemes.