Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie synchronisation happens even in token mode #5

Open
rmccue opened this issue Sep 10, 2018 · 1 comment
Open

Cookie synchronisation happens even in token mode #5

rmccue opened this issue Sep 10, 2018 · 1 comment

Comments

@rmccue
Copy link
Member

rmccue commented Sep 10, 2018

If you pass an access token to the API, the Cookie\attempt_authentication() handler will kick in and attempt to synchronise the user from the source. It will use the token from user meta, rather than the one passed in the request.

This should only kick in if cookie auth is used, not in all cases.

Additionally, if the stored token has been revoked, this will lead to 500 errors.
@joehoyle
Copy link
Member

Also ran into this... it leads to nasty bugs when you have oauth tokens stored against users in the DB that are no longer valid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rmccue @joehoyle