Adding a nonce/token to the account status


Edward Lee

Apr 27, 2010, 9:20:45 PM
to Identity Group
It would be useful to have the server provide a token so that it can
be sent back for actions like "logout". In particular, WordPress'
logout requests include a wpnonce to prevent unintended logouts.

In addition to providing the status and name, it could give a token, e.g.,

X-Account-Management-Status: active; name="Edward Lee"; token=abcd1234

And add token as a valid field for actions, e.g.,

"disconnect": {
  "method": "GET",
  "path": "wp-login.php?action=logout",
  "params": {
    "token": "wpnonce"
  }
}

Ed
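
As an added example (not part of the original post and not the project's own code), this JavaScript sketch shows how a client could parse the proposed status header and apply the "token" to "wpnonce" mapping when building the logout request. The function names and the https://blog.example/ base URL are assumptions; the header and action values are the ones from the post above.

```javascript
// Added example. Header syntax and action descriptor come from the post;
// function names and the base URL are hypothetical.
const SAMPLE_HEADER = 'active; name="Edward Lee"; token=abcd1234';
const DISCONNECT = {
  method: 'GET',
  path: 'wp-login.php?action=logout',
  params: { token: 'wpnonce' }, // standard field -> site's parameter name
};

// Parse `status; key=value; key="quoted value"` into { status, fields }.
function parseStatusHeader(value) {
  const head = /^\s*([A-Za-z-]+)\s*/.exec(value);
  if (!head) throw new Error('missing status');
  const fields = Object.create(null); // no inherited keys such as "toString"
  const param = /;\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s"]*))\s*/y;
  let pos = head[0].length;
  while (pos < value.length) {
    param.lastIndex = pos;
    const m = param.exec(value);
    if (!m) throw new Error('malformed parameter at offset ' + pos);
    // Quoted values may contain ';' and backslash escapes; bare values may not.
    fields[m[1].toLowerCase()] = m[2] !== undefined ? m[2].replace(/\\(.)/g, '$1') : m[3];
    pos = param.lastIndex;
  }
  return { status: head[1].toLowerCase(), fields };
}

// Build the request for an action, filling each mapped parameter from the
// server-supplied fields. Assumption: a missing field aborts the request
// instead of sending it without the nonce.
function buildActionRequest(action, fields, baseUrl) {
  const url = new URL(action.path, baseUrl);
  for (const [field, paramName] of Object.entries(action.params || {})) {
    if (!(field in fields)) throw new Error('server did not supply "' + field + '"');
    url.searchParams.set(paramName, fields[field]);
  }
  return { method: action.method, url: url.toString() };
}

const { fields } = parseStatusHeader(SAMPLE_HEADER);
console.log(buildActionRequest(DISCONNECT, fields, 'https://blog.example/'));
```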

Dan Mills

Apr 27, 2010, 9:23:37 PM
to mozilla-labs-o...@googlegroups.com
I like it!