pgoapi

Option to login with token only

Open norecha opened this issue 9 years ago • 5 comments

This is different from the issues where people talk about saving the token once you log in and reusing it. I'm talking about logging in with only a token. The Java API has this feature.

https://github.com/Grover-c13/PokeGOAPI-Java

norecha, Aug 01 '16 04:08

And for which reason?

tejado, Aug 01 '16 14:08

Figured it out myself...

tejado, Aug 01 '16 15:08

It's just very bad for security; it shows in your history and process list.

http://serverfault.com/questions/592744/how-to-hide-a-password-passed-as-command-line-argument

A token is a much safer alternative, and if it is compromised somehow, you won't lose your whole account.

I'm more familiar with the Java pogo API; they use the access_token and refresh it every 5 min to get refresh_token, so you never need to enter anything else. We can do something similar here.

norecha, Aug 01 '16 15:08

I also implemented authentication tickets. They are refreshed before they expire. But you are correct, I have to implement a way for the user of the lib to provide an OAuth token and not the Google/PTC credentials themselves.

tejado, Aug 01 '16 15:08

I'd love to see the implementation of a refresh token. Authorization to my Google account is not managed by Google, so the current Google credential method does not work. Would also allow others to provide me with a refresh token so I can do an inventory dump for them.

weblack, Aug 04 '16 04:08
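
The exposure discussed in this thread (a secret passed as a command-line argument shows up in shell history and the process list) can be avoided by taking the token from an owner-only file, a pipe or a no-echo prompt. The following is an added example, not code from pgoapi or from any commenter; the flag names (`-p`, `--password`, `--token`, `--token-file`) and all function names are hypothetical.

```python
import getpass
import os
import stat
import sys

# Hypothetical flag names that would carry a secret inline on the command line.
INLINE_SECRET_FLAGS = ("-p", "--password", "--token")


def argv_secret_flags(argv):
    """Return the flags in argv that expose a secret to `ps` and shell history."""
    names = (arg.split("=", 1)[0] for arg in argv)
    return [name for name in names if name in INLINE_SECRET_FLAGS]


def read_token_file(path):
    """Read a token from a regular file that only its owner can access."""
    with open(path, "r") as fh:
        mode = os.fstat(fh.fileno()).st_mode
        if not stat.S_ISREG(mode):
            raise ValueError(f"{path} is not a regular file")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} is open to group/other; chmod 600 it")
        token = fh.read().strip()
    if not token:
        raise ValueError(f"{path} is empty")
    return token


def load_token(token_file=None, stdin=sys.stdin, prompt=getpass.getpass):
    """Resolve the token from a file, then a pipe, then a no-echo prompt."""
    if token_file:
        return read_token_file(token_file)
    if not stdin.isatty():  # e.g. piped from a secret manager
        token = stdin.readline().strip()
        if not token:
            raise ValueError("no token on stdin")
        return token
    return prompt("OAuth token: ").strip()


if __name__ == "__main__":
    exposed = argv_secret_flags(sys.argv[1:])
    if exposed:
        sys.exit(f"refusing inline secrets ({', '.join(exposed)}); use --token-file")
    path = None
    if "--token-file" in sys.argv[1:-1]:
        path = sys.argv[sys.argv.index("--token-file") + 1]
    token = load_token(token_file=path)
    print(f"token loaded ({len(token)} characters)")
```

Only the path to the token file ever appears in `argv`; the token value itself is never placed on the command line.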