Hi all,

As part of tightening security in SSO, we will need to invalidate all[1] current SSO tokens within the next week or two, and they will all need to be re-created. We are doing this now and in this manner because we frequently need to do so whenever there are security breaches in third-party sites and users in our systems used the same passwords, as well as when a user changes their password on the server, their tokens are no longer valid.

So what I want us to ensure early on is that the phone can handle this situation gracefully and in a user-friendly manner. We won't have the luxury of hand-holding each person if the device gets confused in the future, and I don't want us to be in a position where we need to choose between security and user confusion, where we can avoid it.

I have talked to Mardy and David a month or two back to let them know this was coming, but I'm not sure what other areas of the phone it will affect or how.

If you want to test this situation today, in advance of us doing this, you can just go to https://login.ubuntu.com and invalidate your existing token(s) (under Applications).

Happy testing!

[1] Not really *all*, but rather all the ones accessed via the v2 API, which is effectively "all" for the phone

--
Martin

