OAuth flow imperfection - not, this is cookie lifetime
Hi koszmarnica
You're right that a user has to log in to the site (aka authentication) to give a third party app authorization to access their data. Your app has it's own independent authentication. When you log out of your app, they are de-authenticating themselves from your app, not from the PoE website. Allowing apps to log users out of the PoE website would be a security concern. Your app has no control over how users authenticate with the PoE website. You can read more about oAuth (and it's common misconceptions) here: https://oauth.net/articles/authentication/ GGG Web Dev Last edited by Guy_GGG on Dec 6, 2022, 5:31:55 PM
|