I have developed a Spring REST API that will serve as a back-end. It will be accessed by a web application as well as a mobile application. To make this API secure, I have used Spring's OAuth2 authentication. I know that by using this architecture my API is secured, but even so, is there any way to check whether the access_token is used from the same client (application) to which it was issued?
In developing a similar application (not in Spring though) I faced somewhat the same problem. What I decided to do for the time being is to generate a new token on every user request and pass it back as a response header. This would at least mean that it would be impossible for a user to be logged in from two different clients at the same time.
I am not sure if this would be helpful for you though. I'm interested to see what other solutions would be offered here.
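The per-request rotation described in the answer, written out as an added example (it is not code from the question or the answer, and it is not Spring Security's implementation). It assumes the server can see which OAuth2 client is making the request (here a plain `client_id` string, taken from however the client authenticates) and keeps an in-memory token store; every request must present the live token and receives a new one in a response header, so a token copied to a second client is rejected, and a token presented by a client other than the one it was issued to is revoked outright:

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class TokenRecord:
    user: str
    client_id: str  # the OAuth2 client the token was issued to (assumed available per request)
    expires_at: float


class RotatingTokenStore:
    """Server-side store: one live token per user, replaced on every request."""

    def __init__(self, ttl_seconds: int = 900):
        self.ttl = ttl_seconds
        self._tokens: Dict[str, TokenRecord] = {}   # token -> record
        self._current: Dict[str, str] = {}          # user -> live token

    def issue(self, user: str, client_id: str) -> str:
        # Revoke any previous token for this user, so only one session is ever live.
        old = self._current.get(user)
        if old is not None:
            self._tokens.pop(old, None)
        token = secrets.token_urlsafe(32)
        self._tokens[token] = TokenRecord(user, client_id, time.time() + self.ttl)
        self._current[user] = token
        return token

    def authenticate(self, token: str, client_id: str) -> Optional[Tuple[str, str]]:
        """Validate the presented token for this client, then rotate it.

        Returns (user, new_token) on success, None on failure. The caller puts
        new_token in the response header; the presented token is dead from now
        on, so a copy replayed from another client fails on its next use.
        """
        rec = self._tokens.get(token)
        if rec is None or rec.expires_at < time.time():
            self._tokens.pop(token, None)
            return None
        if rec.client_id != client_id:
            # Token presented by a client it was not issued to: treat it as
            # leaked, drop the whole session and force a fresh login.
            self._tokens.pop(token, None)
            self._current.pop(rec.user, None)
            return None
        return rec.user, self.issue(rec.user, client_id)


def demo() -> Tuple[str, bool, bool, bool]:
    """Constructed walk-through: a web client logs in, then its token is reused elsewhere."""
    store = RotatingTokenStore()
    t1 = store.issue("alice", "web-app")
    user, t2 = store.authenticate(t1, "web-app")        # legitimate request: rotated
    replay = store.authenticate(t1, "mobile-app")       # stale copy of t1: rejected
    wrong_client = store.authenticate(t2, "mobile-app")  # live token, wrong client: revoked
    return user, t2 != t1, replay is None, wrong_client is None


if __name__ == "__main__":
    print(demo())
```

The client check is only as strong as the way the client identifies itself: a `client_id` proves which registered client is speaking, not which device, and the rotation costs one state write per request and breaks clients that issue concurrent requests with the same token.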