Matthias Niederhausen created WOOKIE-384:
--------------------------------------------
Summary: persist parameter of oAuth feature not user-isolated
Key: WOOKIE-384
URL: https://issues.apache.org/jira/browse/WOOKIE-384
Project: Wookie
Issue Type: Bug
Components: Feature Management
Affects Versions: 0.14.0
Environment: Windows 7, Chrome
Reporter: Matthias Niederhausen
When I use the "persist" parameter of the oAuth feature (which is the default),
every other user will automatically use my token after I have approved access.
This results in a severe security issue, e.g., my google contact list being
shown to someone else.
Using "false" for the parameter value, I have to re-authenticate on every try
(which is okay).
The behaviour for "true" should instead be to cache the token for every
individual user (i.e., widget instance).
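The isolation the report asks for, as an added example that is not part of the original issue and is not Apache Wookie code: a persisted-token cache keyed without the widget instance, beside one keyed per instance. All class, function and field names are hypothetical, the scenario data is constructed, and the widget instance id is assumed to identify the user, as the report suggests.

```javascript
// Added illustration; not Apache Wookie code. All names here are hypothetical.

// Flawed cache: the key holds only widget and provider, so the first user who
// approves access supplies the token for every later user of that widget.
class SharedTokenStore {
  constructor() { this.tokens = new Map(); }
  key(ctx) { return JSON.stringify([ctx.widgetId, ctx.provider]); }
  put(ctx, token) { this.tokens.set(this.key(ctx), token); }
  get(ctx) {
    const k = this.key(ctx);
    return this.tokens.has(k) ? this.tokens.get(k) : null;
  }
}

// Isolated cache: the widget instance id is part of the key, and a request
// without one is rejected instead of falling back to a shared slot.
class InstanceTokenStore extends SharedTokenStore {
  key(ctx) {
    if (!ctx.instanceId) throw new Error("widget instance id required");
    return JSON.stringify([ctx.instanceId, ctx.widgetId, ctx.provider]);
  }
}

// persist=true reuses a cached token; persist=false authorizes on every call.
function getToken(store, ctx, persist, authorize) {
  if (persist) {
    const cached = store.get(ctx);
    if (cached !== null) return cached;
  }
  const token = authorize(ctx); // stands in for the OAuth approval round trip
  if (persist) store.put(ctx, token);
  return token;
}

// Constructed scenario: Alice approves access first, then Bob opens the same
// widget in his own instance. Returns the token Bob ends up using.
function tokenSeenBySecondUser(store) {
  const authorize = (ctx) => `token-for-${ctx.user}`;
  const alice = { user: "alice", instanceId: "inst-A", widgetId: "contacts", provider: "google" };
  const bob = { user: "bob", instanceId: "inst-B", widgetId: "contacts", provider: "google" };
  getToken(store, alice, true, authorize);
  return getToken(store, bob, true, authorize);
}

console.log("shared store:  ", tokenSeenBySecondUser(new SharedTokenStore()));
console.log("instance store:", tokenSeenBySecondUser(new InstanceTokenStore()));
```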