Token enc

Hello,

token enc encryption gets a new token every time the auth/connection is newed. This also means, since new salt each time on reconnect, that the password either needs to be stored or the user would have to enter t every time again, which collided with the sense of using a token in the first place.
Shouldn’t tokens be stored permanently and then on authorization if a token is present only the token is refreshed and only if this fails the password has to be provided again?

Regards

[ppieczul]

BTW the authorization using stored token has a wrong description in the API spec - the string to hash is not "user:token", but "token". Maybe this is a bug in the Loxone which will get fixed, but that's how it works now.

Thought so, thank you. Pawel Pieczul <notifications@github.com> schrieb am So. 17. Dez. 2017 um 00:24:

…

BTW the authorization using stored token has a wrong description in the API spec - the string to hash is not "user:token", but "token". Maybe this is a bug in the Loxone which will get fixed, but that's how it works now. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#14 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHwdR6XlaLcmFHq8isTecWhjRvBYJ0n_ks5tBFE9gaJpZM4QPOpE> .