by er4hn
273 days ago
Well, the idea behind tokens is that they should be time and authZ limited. In most cases they are not, so they degrade to a glorified static password. Solutions like generating them live with a short lifetime, using solutions like OAuth w/ proper scopes, biscuits that limit what they can do in detail, etc., all exist and are rarely used.
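What "time and authZ limited" looks like at the verifier, as an added example that is not part of the comment above: a minimal HMAC-signed token that carries an expiry and a scope list, and a check that refuses it once either limit is exceeded. The token format, the key and the scope names are constructed for illustration; this is not OAuth or Biscuit.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(key, subject, scopes, ttl_seconds, now=None):
    """Issue a token bound to a subject, a scope list and an expiry time."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "scopes": sorted(scopes), "exp": now + ttl_seconds}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    tag = b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + tag

def verify(key, token, required_scope, now=None):
    """Return (allowed, reason). Checks integrity, then expiry, then scope."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(tag)):
            return False, "bad signature"
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return False, "malformed token"
    if now >= claims["exp"]:
        return False, "expired"          # time limit: a stolen token ages out
    if required_scope not in claims["scopes"]:
        return False, "scope not granted"  # authZ limit: only what was issued
    return True, "ok"

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock so the run is repeatable
    token = mint(KEY, "ci-job", ["repo:read"], ttl_seconds=300, now=t0)
    for scope, when in [("repo:read", t0 + 10), ("repo:write", t0 + 10),
                        ("repo:read", t0 + 300)]:
        print(scope, when - t0, verify(KEY, token, scope, now=when))
```

A token with no `exp` and no scope check would pass all three of these calls, which is the "glorified static password" case.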