Adding a nonce/token to the account status
2 views
Skip to first unread message
Edward Lee
Apr 27, 2010, 9:20:45 PM4/27/10
to Identity Group
It would be useful to have the server provide a token so that it can
be sent back for actions like "logout". In particular, Wordpress'
logout requests includes a wpnonce to prevent unintended logouts.
In addition to providing the status and name, it could give a token, e.g.,
X-Account-Management-Status: active; name="Edward Lee"; token=abcd1234
And add token as a valid field for actions, e.g.,
"disconnect": {
"method": "GET",
"path": "wp-login.php?action=logout"
"params": {
"token": "wpnonce"
}
}
Ed
be sent back for actions like "logout". In particular, Wordpress'
logout requests includes a wpnonce to prevent unintended logouts.
In addition to providing the status and name, it could give a token, e.g.,
X-Account-Management-Status: active; name="Edward Lee"; token=abcd1234
And add token as a valid field for actions, e.g.,
"disconnect": {
"method": "GET",
"path": "wp-login.php?action=logout"
"params": {
"token": "wpnonce"
}
}
Ed
Dan Mills
Apr 27, 2010, 9:23:37 PM4/27/10
to mozilla-labs-o...@googlegroups.com
I like it!
Reply all
Reply to author
Forward
0 new messages